SQL Injection Pocket Reference

(SQL Injection Cheat Sheet)

1.

a.

Default Databases

b.

Comment Out Query

c.

Testing Injection

i.

ii.

iii.

d.

Testing Version

e.

MySQL-specific code

f.

Database Credentials

g.

h.

Tables & Columns

i.

Finding out number of columns

1.

2.

ii.

Retrieving Tables

iii.

Retrieving Columns

iv.

PROCEDURE ANALYSE()

v.

Retrieving Multiple Tables/Columns at once

vi.

Find Tables from Column Name

vii.

Find Column From Table Name

i.

Avoiding the use of single/double quotations

j.

String concatenation

k.

l.

i.

ii.

m.

Out Of Band Channeling

i.

ii.

DNS (requires FILE privilege)

iii.

SMB (requires FILE privilege)

n.

Reading Files (requires FILE privilege)

o.

Writing Files (requires FILE privilege)

p.

Stacked Queries with PDO

q.

User Defined Functions

r.

Fuzzing and Obfuscation

i.

Allowed Intermediary Characters

ii.

Allowed Intermediary Characters after AND/OR

s.

t.

u.

MySQL Functions()

v.

MySQL Password Hashing

w.

MySQL Password() Cracker

2.

a.

Default Databases

b.

Comment Out Query

c.

Testing Version

d.

Database Credentials

e.

Database Server Hostname

f.

g.

Tables & Columns

i.

Retrieving Tables

ii.

Retrieving Columns

iii.

Retrieving Multiple Tables/Columns at once

h.

OPENROWSET Attacks

i.

System Command Execution

j.

SP_PASSWORD (Hiding Query)

k.

Stacked Queries

l.

Fuzzing and Obfuscation

i.

ii.

Allowed Intermediary Characters

iii.

Allowed Intermediary Characters after AND/OR

m.

MSSQL Password Hashing

n.

MSSQL Password Cracker

3.

a.

Default Databases

b.

Comment Out Query

c.

Testing Version

d.

Database Credentials

e.

i.

Current Database

ii.

f.

Tables & Columns

i.

Retrieving Tables

ii.

Retrieving Columns

iii.

Finding Tables from Column Name

iv.

Finding Column From Table Name

g.

Fuzzing and Obfuscation

i.

Avoiding the use of single/double quotations

h.

Out Of Band Channeling

i.

ii.

Heavy Query Time delays

Credits

I would like to thank .mario, Reiners and everyone else who has helped me inmaking this document what it is today. You can reach me at twitter.com/LightOSwith any suggestions you may have and remember this is still a work in progress,so be sure to check in frequently for updates.

MySQL

Default Databases

•

mysql

(Privileged)

•

information_schema

(Version >= 5)Comment Out Query

•

#

•

/*

•

-- -

•

;%00

•

`

Example:

•

' OR 1=1 -- -' ORDER BY id;

•

' UNION SELECT 1, 2, 3`

Note:

The backtick can only be used to end a query when used as an alias.

Testing Injection

•

False

o

The query is invalid (MySQL errors/missing content on website)

•

True

o

The query is valid (content is displayed as usual)Strings

•

' - False

•

'' - True

•

" - False

•

"" - True

•

\

-

False

•

\\

-

True

SQL Injection Pocket Reference

Download this Document for Free Print Mobile Collections Report Document

This is a private document.

Info and Rating

Share & Embed

Related Documents

More from this user

30 p.

Recent Readcasters

Add a Comment