SQL Injection

Extract table and column names

Oracle

SELECT LISTAGG(table_name, ',') FROM all_tables

SELECT LISTAGG(column_name, ',') FROM all_tab_columns
WHERE table_name = 'TABLE-NAME-HERE'

Microsoft

SELECT STRING_AGG(table_name, CHAR(44)) FROM information_schema.tables

SELECT STRING_AGG(column_name, CHAR(44)) FROM information_schema.columns
WHERE table_name = 'TABLE-NAME-HERE'

PostgreSQL

SELECT STRING_AGG(table_name, ',') FROM information_schema.tables

SELECT STRING_AGG(column_name, ',') FROM information_schema.columns
WHERE table_name = 'TABLE-NAME-HERE'

MySQL

SELECT GROUP_CONCAT(table_name) FROM information_schema.tables

SELECT GROUP_CONCAT(column_name) FROM information_schema.columns
WHERE table_name = 'TABLE-NAME-HERE'`

References portswigger.net - cheatsheet.

Privileges

MySQL

SHOW GRANTS;

Others

MySQL

Use --vertical to enable the vertical format or ending query with \G, example : SELECT * FROM users \G.

> SELECT * FROM city WHERE countrycode='AUT';
*************************** 1. row ***************************
    ID: 1523
    Name: Wien
    CountryCode: AUT
    District: Wien
    Info: {"Population": 1608144}

Source dev.mysql.com.