Questions about this topic? Sign up to ask in the talk tab.

SQL injection/Target Environments/Mapping/Legacy

From NetSec
Revision as of 01:34, 19 July 2012 by LashawnSeccombe (Talk | contribs) (Created page with "<noinclude>{{subpage|SQL injection}}</noinclude> The information_schema database entered the open source community in MySQL version 5 and at the end of PostgreSQL Version 7.3; ol...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
back to SQL injection


The information_schema database entered the open source community in MySQL version 5 and at the end of PostgreSQL Version 7.3; old and current versions of SQL engines contain their schema information in their administration databases. More information can be found on this by combining techniques listed here with the manuals and documentation.

Access/MSSQL

  • sysobjects table/database (Legacy Access/Jet Engine)
  • msysobjects table/database (Legacy SQL Server CE)
PROCEDURE ANALYSE might come in handy.

MySQL 4

  • MySQL.columns_priv
  • MySQL.tables_priv
  • MySQL.db
It is typical that legacy database versions require privileged access for flexible mapping.