SQL Injection Cheat Sheet (DB2)

select versionnumber, version_timestamp from sysibm.sysversions;
Comments select blah from foo; -- comment like this
Current User 
select user from sysibm.sysdummy1;
select session_user from sysibm.sysdummy1;
select system_user from sysibm.sysdummy1;
List Users

N/A (I think DB2 uses OS-level user accounts for authentication.)

Database authorities (like roles, I think) can be listed like this:
select grantee from syscat.dbauth;

List Password Hashes
N/A (I think DB2 uses OS-level user accounts for authentication.)
List Privilegesselect * from syscat.tabauth; -- privs on tables
select * from syscat.dbauth where grantee = current user;
select * from syscat.tabauth where grantee = current user;
List DBA AccountsTODO
Current Database select current server from sysibm.sysdummy1;
List DatabasesSELECT schemaname FROM syscat.schemata;
List Columns 
select name, tbname, coltype from sysibm.syscolumns;
List Tablesselect name from sysibm.systables;
Find Tables From Column NameTODO
Select Nth Rowselect name from (SELECT name FROM sysibm.systables order by 
name fetch first N+M-1 rows only) sq order by name desc fetch first N rows only;
Select Nth Char 
SELECT SUBSTR('abc',2,1) FROM sysibm.sysdummy1;  -- returns b
Bitwise AND  
This page seems to indicate that DB2 has no support for bitwise operators!

ASCII Value -> Char

select chr(65) from sysibm.sysdummy1; -- returns 'A'
Char -> ASCII Valueselect ascii('A') from sysibm.sysdummy1; -- returns 65
CastingSELECT cast('123' as integer) FROM sysibm.sysdummy1;
SELECT cast(1 as char) FROM sysibm.sysdummy1;
String ConcatenationSELECT 'a' concat 'b' concat 'c' FROM sysibm.sysdummy1; -- returns 'abc'
select 'a' || 'b' from sysibm.sysdummy1; -- returns 'ab'

If Statement

Case StatementTODO
Avoiding Quotes 
Time Delay  

See Heavy Queries article for some ideas.

Make DNS RequestsTODO
Command ExecutionTODO
Local File Access
Hostname, IP AddressTODO
Location of DB files
Default/System Databases