virusz Posted August 3, 2006 Report Posted August 3, 2006 Here is a list of SQL commands and what they do, these would be used in some injection methods and of course legitimate sql functions.On thier own they wont exploit anything but eventually youl find an exploit that needs these and they are good to know for injection or just to better understand how SQL works.ABORT -- abort the current transactionALTER DATABASE -- change a databaseALTER GROUP -- add users to a group or remove users from a groupALTER TABLE -- change the definition of a tableALTER TRIGGER -- change the definition of a triggerALTER USER -- change a database user accountANALYZE -- collect statistics about a databaseBEGIN -- start a transaction blockCHECKPOINT -- force a transaction log checkpointCLOSE -- close a cursorCLUSTER -- cluster a table according to an indexCOMMENT -- define or change the comment of an objectCOMMIT -- commit the current transactionCOPY -- copy data between files and tablesCREATE AGGREGATE -- define a new aggregate functionCREATE CAST -- define a user-defined castCREATE CONSTRAINT TRIGGER -- define a new constraint triggerCREATE CONVERSION -- define a user-defined conversionCREATE DATABASE -- create a new databaseCREATE DOMAIN -- define a new domainCREATE FUNCTION -- define a new functionCREATE GROUP -- define a new user groupCREATE INDEX -- define a new indexCREATE LANGUAGE -- define a new procedural languageCREATE OPERATOR -- define a new operatorCREATE OPERATOR CLASS -- define a new operator class for indexesCREATE RULE -- define a new rewrite ruleCREATE SCHEMA -- define a new schemaCREATE SEQUENCE -- define a new sequence generatorCREATE TABLE -- define a new tableCREATE TABLE AS -- create a new table from the results of a queryCREATE TRIGGER -- define a new triggerCREATE TYPE -- define a new data typeCREATE USER -- define a new database user accountCREATE VIEW -- define a new viewDEALLOCATE -- remove a prepared queryDECLARE -- define a cursorDELETE -- delete rows of a tableDROP AGGREGATE -- remove a user-defined aggregate functionDROP CAST -- remove a user-defined castDROP CONVERSION -- remove a user-defined conversionDROP DATABASE -- remove a databaseDROP DOMAIN -- remove a user-defined domainDROP FUNCTION -- remove a user-defined functionDROP GROUP -- remove a user groupDROP INDEX -- remove an indexDROP LANGUAGE -- remove a user-defined procedural languageDROP OPERATOR -- remove a user-defined operatorDROP OPERATOR CLASS -- remove a user-defined operator classDROP RULE -- remove a rewrite ruleDROP SCHEMA -- remove a schemaDROP SEQUENCE -- remove a sequenceDROP TABLE -- remove a tableDROP TRIGGER -- remove a triggerDROP TYPE -- remove a user-defined data typeDROP USER -- remove a database user accountDROP VIEW -- remove a viewEND -- commit the current transactionEXECUTE -- execute a prepared queryEXPLAIN -- show the execution plan of a statementFETCH -- retrieve rows from a table using a cursorGRANT -- define access privilegesINSERT -- create new rows in a tableLISTEN -- listen for a notificationLOAD -- load or reload a shared library fileLOCK -- explicitly lock a tableMOVE -- position a cursor on a specified row of a tableNOTIFY -- generate a notificationPREPARE -- create a prepared queryREINDEX -- rebuild corrupted indexesRESET -- restore the value of a run-time parameter to a default valueREVOKE -- remove access privilegesROLLBACK -- abort the current transactionSELECT -- retrieve rows from a table or viewSELECT INTO -- create a new table from the results of a querySET -- change a run-time parameterSET CONSTRAINTS -- set the constraint mode of the current transactionSET SESSION AUTHORIZATION -- set the session user identifier and the current user identifier of the current sessionSET TRANSACTION -- set the characteristics of the current transactionSHOW -- show the value of a run-time parameterSTART TRANSACTION -- start a transaction blockTRUNCATE -- empty a tableUNLISTEN -- stop listening for a notificationUPDATE -- update rows of a tableVACUUM -- garbage-collect and optionally analyze a databasehave a nice day! Quote