SQL Injection Cheat Sheet

SUBMITTED BY: Guest

DATE: Sept. 23, 2013, 7:47 p.m.

FORMAT: Text only

SIZE: 3.5 kB

Raw Download

HITS: 1534

Report
  1. SQL Injection Cheat Sheet
  2. SQL Injection Cheat Sheet
  4. SQL Injection Cheat Sheet
  6. Find and exploit SQL Injections with free Netsparker http://www.mavitunasecurity.com/communityedition SQL Injection Scanner SQL Injection Cheat Sheet, Document Version 1.4
  7. Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of samples are not correct for every single situation. Most of the real world environments may change because of parenthesis, different code bases and unexpected, strange SQL sentences.
  9. Samples are provided to allow reader to get basic idea of a potential attack and almost every section includes a brief information about itself.
  10. M : MySQL
  11. S : SQL Server
  12. P : PostgreSQL
  13. O : Oracle
  14. + : Possibly all other databases
  15. Examples;
  17. (MS) means : MySQL and SQL Server etc.
  18. (M*S) means : Only in some versions of MySQL or special conditions see related note and SQL Server
  21. Code: SELECT ALL
  22. [*]About SQL Injection Cheat Sheet : http://ferruh.mavituna.com/sql-injection...oku/#about
  23. [*]Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks :http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#SyntaxBasicAttacks
  24. [*]Line Comments : http://ferruh.mavituna.com/sql-injection...neComments
  25. [*]SQL Injection Attack Samples : http://ferruh.mavituna.com/sql-injection...entAttacks
  26. [*]Inline Comments  : http://ferruh.mavituna.com/sql-injection...neComments
  27. [*]Classical Inline Comment SQL Injection Attack Samples : http://ferruh.mavituna.com/sql-injection...ineSamples
  28. [*]MySQL Version Detection Sample Attacks : http://ferruh.mavituna.com/sql-injection...ineSamples
  29. [*]]Stacking Queries : http://ferruh.mavituna.com/sql-injection...ingQueries
  30. [*]Language / Database Stacked Query Support Table : http://ferruh.mavituna.com/sql-injection...ngDbFigure
  31. [*]About MySQL and PHP : http://ferruh.mavituna.com/sql-injection...ySQLandPHP
  32. [*]Stacked SQL Injection Attack Samples : http://ferruh.mavituna.com/sql-injection...kedSamples
  34. [*]If Statements : http://ferruh.mavituna.com/sql-injection...Statements
  35. [LIST]
  36. [*]MySQL If Statement : http://ferruh.mavituna.com/sql-injection...u/#MySQLIf
  37. [*]SQL Server If Statement : http://ferruh.mavituna.com/sql-injection...QLServerIf
  38. [*]If Statement SQL Injection Attack Samples  : http://ferruh.mavituna.com/sql-injection...Statements
  39.       
  40. [*]Using Integers : http://ferruh.mavituna.com/sql-injection...ngIntegers
  41. [*]String  Operations : http://ferruh.mavituna.com/sql-injection...Operations
  42. [*]String Concatenation : http://ferruh.mavituna.com/sql-injection...ringConcat
  43.       
  44. [*]Strings without Quotes : http://ferruh.mavituna.com/sql-injection...houtQuotes
  45. [*][Hex based SQL Injection Samples : http://ferruh.mavituna.com/sql-injection...sedSamples
  46. [*]String Modification & Related : http://ferruh.mavituna.com/sql-injection...dification
  47. [*]Union Injections : http://ferruh.mavituna.com/sql-injection...Injections
  48. [*]UNION – Fixing Language Issues : http://ferruh.mavituna.com/sql-injection...uageIssues
  49. [*]Bypassing Login Screens : http://ferruh.mavituna.com/sql-injection...ginScreens
  50. [*]Enabling xp_cmdshell in SQL Server 2005 : http://ferruh.mavituna.com/sql-injection...lecmdshell
  51. [*]Other parts are not so well formatted but check out by yourself, drafts, notes and stuff, scroll down and see.
comments powered by Disqus