Writing Files (requires FILE privilege) .................................................13
Stacked Queries with PDO ................................................................ 13
User Defined Functions ....................................................................13
Fuzzing and Obfuscation................................................................... 13
Allowed Intermediary Characters....................................................13
Allowed Intermediary Characters after AND/OR................................15
Operators....................................................................................... 15
Constants.......................................................................................15
MySQL Functions() .......................................................................... 16
MySQL Password Hashing.................................................................16
MySQL Password() Cracker............................................................... 16
MSSQL............................................................................................. 21
Default Databases ...........................................................................21
Comment Out Query........................................................................21
Testing Version ............................................................................... 21
Database Credentials .......................................................................21
Database Server Hostname ..............................................................22
Database Names .............................................................................22
Tables & Columns............................................................................23
Retrieving Tables .........................................................................23
Retrieving Columns ...................................................................... 23
Retrieving Multiple Tables/Columns at once .....................................24
OPENROWSET Attacks .....................................................................24
System Command Execution.............................................................25
SP_PASSWORD (Hiding Query) .........................................................26
Stacked Queries.............................................................................. 27
Fuzzing and Obfuscation................................................................... 27
Encodings ................................................................................... 27
Allowed Intermediary Characters....................................................27
Allowed Intermediary Characters after AND/OR................................28
MSSQL Password Hashing.................................................................28
MSSQL Password Cracker .................................................................29
ORACLE ........................................................................................... 35
Default Databases ...........................................................................35
Comment Out Query........................................................................35
Testing Version ............................................................................... 35