I haven't come out to do a show for a long time ~ First of all, let's look down on the BH09 speaker who talked about MySQL injection! In China, these are popular-science things, and yet they can still be presented at BH. Which of Tianchao's workers does not use INTO OUTFILE to export a shell? Wow! Foreigners are really foreigners. If they do not study Chinese culture well, they feel a bit confused.
SuPerhei jx thoroughly studied MySQL injection N years ago!
If you say CASI doesn't understand Chinese, pangolin also has an English version! It's time to study it.
In addition, whether multiple statements are supported is not language-specific. It depends mainly on whether the database itself parses them, and secondly on what the driver does.
So what is that chart? "PHP + MySQL: no support, ASPX + MySQL: support" cannot really explain the problem.
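The point above, that statement stacking is decided by the database engine and the driver API rather than by the application language, shown as an added example that is not part of the original post. It uses Python's built-in sqlite3 module as a stand-in (SQLite is not one of the databases discussed here); the table names and the input string are constructed for the demonstration.

```python
import sqlite3

# Constructed input: a value followed by a second, harmless statement.
STACKED = "1; INSERT INTO audit VALUES ('stacked')"

def make_db():
    """In-memory database with a data table and an empty audit table."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE users(id INTEGER, name TEXT);"
        "INSERT INTO users VALUES (1, 'alice');"
        "CREATE TABLE audit(msg TEXT);"
    )
    return db

def audit_rows(db):
    """Number of rows a stacked statement managed to write."""
    return db.execute("SELECT count(*) FROM audit").fetchone()[0]

def via_execute(db, user_input):
    """Concatenated SQL through execute(): this driver call accepts exactly
    one statement, so the stacked input is refused before anything runs."""
    try:
        db.execute("SELECT name FROM users WHERE id = " + user_input)
        return "executed"
    except (sqlite3.Warning, sqlite3.Error):  # exception type varies by Python version
        return "rejected"

def via_executescript(db, user_input):
    """Same string, same language, same engine, but a multi-statement
    driver call: the second statement runs."""
    db.executescript("SELECT name FROM users WHERE id = " + user_input)
    return "executed"

def via_parameter(db, user_input):
    """Bound parameter: the whole input is a single value, never SQL text."""
    return db.execute("SELECT name FROM users WHERE id = ?", (user_input,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(via_execute(db, STACKED), audit_rows(db))
    print(via_executescript(db, STACKED), audit_rows(db))
    print(via_parameter(db, STACKED), audit_rows(db))
```

When reviewing code for stacked-query exposure, check which driver call builds the query and whether the connection enables multi-statement mode, not just which language the application is written in.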
Contempt aside ~ I am not good either! But I occasionally want to show off. At the end here are the following items that I collected in private! They are outdated now!
It is written only from residual memory! The following is basically based on each DB's SQL parsing engine.
INFORMIX does not support multiple statements. You can use functions such as filetoclob to operate local files during injection.
MYSQL does not support multiple statements (I will not talk about the rest)
ORACLE does not support multiple statements. Data can be called back using utl_http. There are some other ways to do this, which I will not list one by one. Of course, if you can operate SQL directly and utl_http is disabled, calling data back and forth directly through dblink and the like is not a problem.
DB2 does not support multiple statements. If you can directly operate SQL statements, you can use sqlj.install_jar to remotely install backdoors, including calling data back.
MSSQL supports multiple statements. Multi-statement separators: `;`, space, carriage return, `/**/`. By default, the first result set is returned for multiple result sets!
SQL keywords can also be separated by non-printable characters to bypass some IDS filters. For example, you can use %00 (null) to truncate the SQL statement, use openrowset, and so on!
POSTGRESQL supports multiple statements and multiple statements: by default, the last one is returned for multiple result sets. You can build SQLJ for socket, similar to the ora sqljshell I wrote.
You can also call the function to read files and find the manual by yourself.
SYBASE supports multiple statements. Multi-statement separator: space. By default, the first result set is returned for multiple result sets. You can use syb_sendmsg to call data back and forth.
Bytes
You can also use SQLJ to implement shell.
TERADATA supports multiple statements and multiple statements: DML and DDL cannot be executed simultaneously.
The preceding multi-statement DDL statements and DML statements are executed simultaneously in different databases!
In addition, type conversion between the result sets before and after each UNION ALL query also differs: for example, whether an int type can be converted to varchar, or whether a boolean type can be null. Based on the above ideas, those who come later can test them one by one.