SQLi by database (MySQL / Postgres / Oracle / MSSQL)

TL;DR: Syntax and primitives differ per RDBMS — version, comment style, string concat, file read, UDF / xp_cmdshell exec.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

  • TODO