System Tables for SQL Injection

The system tables of the most popular DBMS

You will find below a complete list of system tables for the most popular database management systems. This list also contain specific information related to SQL injection. This reference is subject to modifications in a near future. It will include a short description of each columns and more specific details about how those can be used for SQL injection attacks.

MySQL

The reference to information schema was remove from table names below to ease reading. However, note that all those table names must be preceded by "INFORMATION_SCHEMA." (example: SELECT * FROM INFORMATION_SCHEMA.COLUMNS).

Tables	Description
CHARACTER_SETS
COLLATIONS
COLLATION_CHARACTER_SET_APPLICABILITY
COLUMNS
COLUMN_PRIVILEGES
ENGINES
EVENTS
FILES
GLOBAL_STATUS and SESSION_STATUSs
GLOBAL_VARIABLES and SESSION_VARIABLESs
KEY_COLUMN_USAGE
OPTIMIZER_TRACE
PARAMETERS
PARTITIONS
PLUGINS
PROCESSLIST
PROFILING	The PROFILING table provides statement profiling information. Its contents correspond to the information produced by the SHOW PROFILES and SHOW PROFILE statements. The table is empty unless the profiling session variable is set to 1.
REFERENTIAL_CONSTRAINTS
ROUTINES	The ROUTINES table provides information about stored routines (both procedures and functions). The ROUTINES table does not include user-defined functions (UDFs). The column named “mysql.proc name” indicates the mysql.proc table column that corresponds to the INFORMATION_SCHEMA.ROUTINES table column, if any.
SCHEMATA	A schema is a database, so the SCHEMATA table provides information about databases.
SCHEMA_PRIVILEGES	The SCHEMA_PRIVILEGES table provides information about schema (database) privileges. This information comes from the mysql.db grant table.
STATISTICS
TABLES	The TABLES table provides information about tables in databases.
TABLESPACES
TABLE_CONSTRAINTS
TABLE_PRIVILEGES
TRIGGERS
USER_PRIVILEGES
VIEWS

Useful Information

All users can access these tables, however they will only be able to see the rows in the tables that correspond to objects for which the user has the proper access privileges.

SQL Server

Below are listed all SQL Server system tables.

Tables	Description
syscolumns	Contains one row for every column in every table and view, and a row for each parameter in a stored procedure.
sysindexkeys
syscomments
sysmembers
sysconstraints
sysobjects
sysdepends
syspermissions
sysfilegroups
sysprotects
sysfiles
sysreferences
sysforeignkeys
systypes
sysfulltextcatalogs
sysusers
sysindexes

You should use information_schema instead of system tables in order to access this information.

Oracle

Below are listed all Oracle system tables.

Tables	Description
ALL_ARGUMENTS
ALL_CATALOG
ALL_COL_COMMENTS
ALL_CONSTRAINTS
ALL_CONS_COLUMNS
ALL_DB_LINKS
ALL_ERRORS
ALL_INDEXES
ALL_IND_COLUMNS
ALL_LOBS
ALL_OBJECTS
ALL_OBJECT_TABLES
ALL_SEQUENCES
ALL_SNAPSHOTS
ALL_SOURCE
ALL_SYNONYMS
ALL_TABLES	Describes the relational tables accessible to the current user.
ALL_TAB_COLUMNS
ALL_TAB_COL_STATISTICS
ALL_TAB_COMMENTS
ALL_TRIGGERS
ALL_TRIGGER_COLS
ALL_TYPES
ALL_UPDATABLE_COLUMNS
ALL_USERS
ALL_VIEWS
DATABASE_COMPATIBLE_LEVEL
DBA_DB_LINKS
DBA_ERRORS
DBA_OBJECTS
DBA_ROLES
DBA_ROLE_PRIVS
DBA_SOURCE
DBA_TABLESPACES
DBA_TAB_PRIVS
DBA_TRIGGERS
DBA_TS_QUOTAS
DBA_USERS
DBA_VIEWS
DICTIONARY
DICT_COLUMNS
GLOBAL_NAME
NLS_DATABASE_PARAMETERS
NLS_INSTANCE_PARAMETERS
NLS_SESSION_PARAMETERS
PRODUCT_COMPONENT_VERSION
ROLE_TAB_PRIVS
SESSION_PRIVS
SESSION_ROLES
SYSTEM_PRIVILEGE_MAP
TABLE_PRIVILEGES
TABLE_PRIVILEGE_MAP