Examining the database

Querying the database type and version

The queries to determine the database version for some popular database types are as follows:

Database type	Query
Microsoft,MySQL	SELECT @@version
Oracle		SELECT * FROM v$version
PostgreSQL	SELECT version()

For example, you could use a UNION attack with the following input: ' UNION SELECT @@version--

Listing the contents of the database

Most database types (with the notable exception of Oracle) have a set of views called the information schema which provide information about the database.

You can query information_schema.tables to list the tables in the database:

SELECT * FROM information_schema.tables

You can then query information_schema.columns to list the columns in individual tables:

SELECT * FROM information_schema.columns WHERE table_name = 'Users'

Equivalent to information schema on Oracle

On Oracle, you can obtain the same information with slightly different queries.

You can list tables by querying all_tables:

SELECT * FROM all_tables

And you can list columns by querying all_tab_columns:

SELECT * FROM all_tab_columns WHERE table_name = 'USERS'

PreviousSql Injection NextRetrieving data from other database tables

Last updated 2 years ago

hashtagQuerying the database type and version

hashtagListing the contents of the database

hashtagEquivalent to information schema on Oracle

Querying the database type and version

Listing the contents of the database

Equivalent to information schema on Oracle