Judgment of database in SQL injection
2022-07-31 05:52:00 【not used to having you】
Note: For technical discussion only. Do not use for other purposes; all consequences have nothing to do with me.
Foreword: In penetration testing, we can only pick the right statements and functions once we know which database sits behind the website.
Common databases:
Oracle, MySQL, SQL Server, Access, MSSQL, PostgreSQL, MongoDB, etc.
Oracle—Oracle Corporation—Commercial large databases
MySQL—Oracle Corporation (acquired)—Open source small and medium databases
SQL SERVER—Microsoft Corporation—Commercial medium and large databases
Access—Microsoft Corporation—Commercial small databases
DB2—IBM Corporation—Commercial large databases
Judging by the port:
Oracle: default port 1521
SQL Server: default port 1433
MySQL: default port 3306
Databases typically paired with each backend language:
ASP: SQL Server, Access
.NET: SQL Server
PHP: PostgreSQL, MySQL
Java: Oracle, MySQL
Common combinations of website scripting language, web server program and database server program include:
PHP+Apache+MySQL
ASP+Microsoft IIS+Access
ASP+Microsoft IIS+MSSQL
ASPX+Microsoft IIS+MSSQL
JSP+Tomcat+Oracle (relatively rare)
Signature information of each database:
SQL Server: select @@version --
Oracle: select banner from v$version
MySQL: select @@version, version() --, length(user)>0 returns normally
PostgreSQL: select version() --
String handling:
SQL Server: id=1 and 'a'+'b'='ab' --
MySQL: id=1 and 'a'+'b'='ab' , 'ab'=concat('a','b')
Oracle: id=1 and 'a'+'b'='a'||'b' , 'ab'=concat('a','b')
PostgreSQL: id=1 and 'a'+'b'='a'||'b' , 'ab'=concat('a','b')
Special functions:
len() and length() functions
length()/char_length(): for MySQL databases
len(): for SQL Server databases
lengthb()/length(): for Oracle databases
length()/char_length(): for PostgreSQL databases
Special symbols and comment styles:
Access: includes double hyphen (--), C style (/* ... */)
MySQL: "#", means single-line comment, syntax "#comment content"
"--", means single-line comment, syntax "-- comment content"
"/**/", means multi-line comment, syntax "/*comment content*/"
Oracle: "/**/", means multi-line comment, syntax "/*comment content*/"
"--", means single-line comment, syntax "-- comment content"
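From the defender's side, the version, string-concatenation and length probes listed above are distinctive enough to look for in web server access logs. The following Python code is an added example, not part of the original post: the signature labels, the classify/scan helpers, the threshold of two distinct probe kinds per client and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Heuristic signatures for the probe strings listed in the article (labels are hypothetical).
SIGNATURES = {
    "banner:@@version": re.compile(r"@@version", re.I),
    "banner:v$version": re.compile(r"\bv\$version\b", re.I),
    "banner:version()": re.compile(r"\bversion\s*\(\s*\)", re.I),
    "concat:+": re.compile(r"'[^']*'\s*\+\s*'[^']*'"),
    "concat:||": re.compile(r"'[^']*'\s*\|\|\s*'[^']*'"),
    "concat:concat()": re.compile(r"\bconcat\s*\(", re.I),
    "length-fn": re.compile(r"\b(?:len|length|lengthb|char_length)\s*\(", re.I),
}

# Combined Log Format: client identity user [time] "METHOD target PROTO" ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')

def classify(target):
    """Return the sorted probe labels found in one request target's query string."""
    query = unquote_plus(target.partition("?")[2])  # decoded once; '+' becomes a space
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(query))

def scan(lines, min_kinds=2):
    """Map client -> probe labels for clients that sent >= min_kinds distinct probes."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            seen[m.group(1)].update(classify(m.group(2)))
    return {ip: sorted(kinds) for ip, kinds in seen.items() if len(kinds) >= min_kinds}

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [31/Jul/2022:05:52:00 +0000] "GET /item.php?id=1+and+%27a%27%2B%27b%27%3D%27ab%27 HTTP/1.1" 200 512',
    '198.51.100.7 - - [31/Jul/2022:05:52:03 +0000] "GET /item.php?id=1+and+%27ab%27%3Dconcat(%27a%27,%27b%27) HTTP/1.1" 200 512',
    '198.51.100.7 - - [31/Jul/2022:05:52:05 +0000] "GET /item.php?id=1+and+length(user)%3E0 HTTP/1.1" 200 512',
    '203.0.113.20 - - [31/Jul/2022:05:53:10 +0000] "GET /item.php?id=42&version=2 HTTP/1.1" 200 498',
    '203.0.113.20 - - [31/Jul/2022:05:53:12 +0000] "GET /search?q=len+lease HTTP/1.1" 200 731',
]

if __name__ == "__main__":
    for ip, kinds in scan(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(kinds))
```

A single client cycling through several different probe kinds in a short window is a stronger signal than any one match, which is why scan() only reports clients above the threshold.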