Abstract
This chapter provides an introduction to the basic Structured Query Language (SQL). It also provides a series of SQL injection cheat sheets for quickly jumping to the material. SQL queries are made up of one or more SQL statements that are effectively instructions for the database server to carry out. The most common SQL statements one encounters when working with a database or performing SQL injections are SELECT, INSERT, UPDATE, CREATE, UNION SELECT, and DELETE. SQL queries that are designed to read, delete, or update table data often include a conditional clause to target specific rows in a table. A conditional clause begins with WHERE followed by the condition. The OR and AND operators are used when multiple conditions are to be evaluated. In addition, there is a brief discussion on SQL injection; a common task when exploiting an SQL injection flaw is to identify the back-end database platform. The most commonly encountered database platforms are Microsoft SQL Server, Oracle, and MySQL. The Oracle Database Server includes the utl_http package, which can be used to establish outbound HTTP connections from the database server host. It is possible to abuse this package to extract database data via HTTP connections to any TCP port.