Session and User Information
Context
This article teaches how to enumerate session and user information in IBM Db2 using SQL injection. To effectively carry out these techniques, you should have foundational knowledge of database sessions, user privileges, and SQL queries. This focus area is essential for understanding how to exploit sensitive session and user data for offensive cybersecurity objectives within Db2 environments.
Theory
Db2 Session and User Information
Session information in a database context refers to the details about the current connection to the database, including user details, connection timestamps, and roles. In IBM Db2, session information allows you to understand the context from which queries are being executed. On the other hand, user information delves into the specifics of the account interacting with the database, including any privileges or roles associated with it.
Key Db2 Session Variables
Understanding session variables is crucial when aiming to enumerate session details in Db2:
- SESSION_USER: This variable holds the user ID of the current session, which indicates who is currently authenticated and performing operations.
- SYSTEM_USER: This variable contains the operating system user ID that is running the current Db2 session, providing insight into the host-level identity.
- CURRENT SERVER: This identifies the name of the database server to which the session is connected, helping to confirm the server being interacted with.
Db2 User Information Retrieval
Aside from session variables, you can interrogate various attributes to gain user-related insights:
- AUTHORIZATION_ID: This provides the authorization ID currently in use for interacting with the database, critical for assessing the scope of access.
- CURRENT_USER: This identifies the user ID currently executing a particular SQL statement, often used for logging and auditing purposes.
- USER FROM SYSIBM.SYSDUMMY1: Db2 uses the SYSIBM.SYSDUMMY1 table to execute scalar operations and queries with no real table required, which makes it a handy tool for quickly retrieving user information without affecting database performance.
Practice
Enumerate Session and User Information via SQL Injection
The following steps illustrate how to enumerate session and user information in a Db2 database using SQL statements. Each SQL query is crafted to exploit Db2's information functions to extract crucial details:
- Run the following command to retrieve the session user ID:
  SELECT SESSION_USER FROM SYSIBM.SYSDUMMY1;
- To determine the system user ID, use this command:
  SELECT SYSTEM_USER FROM SYSIBM.SYSDUMMY1;
- For obtaining the current server's name, execute:
  SELECT CURRENT SERVER FROM SYSIBM.SYSDUMMY1;
- Use the following query to retrieve the authorization ID:
  SELECT AUTHORIZATION_ID FROM SYSIBM.SYSDUMMY1;
- To fetch the current user ID executing SQL statements, run:
  SELECT CURRENT_USER FROM SYSIBM.SYSDUMMY1;
- Finally, acquire user information from the dummy table using this statement:
  SELECT USER FROM SYSIBM.SYSDUMMY1;
The successful execution of these queries will allow for the extraction of sensitive session and user information from the Db2 database, highlighting potential exploitation vectors within the environment.
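Because every query above pairs one of the named identifiers with SYSIBM.SYSDUMMY1, that pairing is a usable detection signature in web access logs. The following is an added example, not part of the original article: the log lines, paths, parameter names and the function name find_enumeration are constructed for illustration, and the log is assumed to be in common log format.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Identifiers named in this article; a blank inside a name may be any whitespace run.
REGISTERS = ["SESSION_USER", "SYSTEM_USER", "CURRENT SERVER",
             "AUTHORIZATION_ID", "CURRENT_USER", "USER"]
REGISTER_RES = [
    (name, re.compile(r"(?<![A-Z0-9_])" + name.replace(" ", r"\s+") + r"(?![A-Z0-9_])"))
    for name in REGISTERS
]
DUMMY_TABLE = re.compile(r"\bSYSIBM\s*\.\s*SYSDUMMY1\b")
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /report?id=42 HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /report?id=SELECT%20SESSION_USER%20FROM%20SYSIBM.SYSDUMMY1 HTTP/1.1" 500 87
203.0.113.9 - - [01/Jan/2025:10:01:12 +0000] "GET /report?id=select+current++server+from+sysibm.sysdummy1 HTTP/1.1" 200 640
203.0.113.9 - - [01/Jan/2025:10:02:30 +0000] "GET /profile?user=session_user_guide HTTP/1.1" 200 300
"""

def find_enumeration(log_text):
    """Return (client, parameter, identifier, status) for each suspicious value."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        # parse_qsl percent-decodes each value and turns '+' into a space.
        for param, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            text = value.upper()  # SQL keywords and identifiers are case-insensitive
            if not DUMMY_TABLE.search(text):
                continue  # an identifier alone (e.g. "user") is too common to alert on
            for name, rx in REGISTER_RES:
                if rx.search(text):
                    hits.append((client, param, name, status))
    return hits

if __name__ == "__main__":
    for hit in find_enumeration(SAMPLE_LOG):
        print(hit)
```

The status code is carried through for triage: a 200 response to a flagged request deserves a closer look than a 500, and the fix in either case is to bind the affected parameter rather than concatenate it into SQL.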
Tools
- Db2 SQL