SQL Injection Cheat Sheet


SUBMITTED BY: Guest

DATE: Sept. 23, 2013, 7:47 p.m.

FORMAT: Text only

SIZE: 3.5 kB

HITS: 1548

  1. SQL Injection Cheat Sheet
  2. SQL Injection Cheat Sheet
  3. SQL Injection Cheat Sheet
  4. Find and exploit SQL Injections with free Netsparker http://www.mavitunasecurity.com/communityedition SQL Injection Scanner SQL Injection Cheat Sheet, Document Version 1.4
  5. Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of samples are not correct for every single situation. Most of the real world environments may change because of parenthesis, different code bases and unexpected, strange SQL sentences.
  6. Samples are provided to allow reader to get basic idea of a potential attack and almost every section includes a brief information about itself.
  7. M : MySQL
  8. S : SQL Server
  9. P : PostgreSQL
  10. O : Oracle
  11. + : Possibly all other databases
  12. Examples;
  13. (MS) means : MySQL and SQL Server etc.
  14. (M*S) means : Only in some versions of MySQL or special conditions see related note and SQL Server
  15. Code: SELECT ALL
  16. [*]About SQL Injection Cheat Sheet : http://ferruh.mavituna.com/sql-injection...oku/#about
  17. [*]Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks :http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#SyntaxBasicAttacks
  18. [*]Line Comments : http://ferruh.mavituna.com/sql-injection...neComments
  19. [*]SQL Injection Attack Samples : http://ferruh.mavituna.com/sql-injection...entAttacks
  20. [*]Inline Comments  : http://ferruh.mavituna.com/sql-injection...neComments
  21. [*]Classical Inline Comment SQL Injection Attack Samples : http://ferruh.mavituna.com/sql-injection...ineSamples
  22. [*]MySQL Version Detection Sample Attacks : http://ferruh.mavituna.com/sql-injection...ineSamples
  23. [*]]Stacking Queries : http://ferruh.mavituna.com/sql-injection...ingQueries
  24. [*]Language / Database Stacked Query Support Table : http://ferruh.mavituna.com/sql-injection...ngDbFigure
  25. [*]About MySQL and PHP : http://ferruh.mavituna.com/sql-injection...ySQLandPHP
  26. [*]Stacked SQL Injection Attack Samples : http://ferruh.mavituna.com/sql-injection...kedSamples
  27. [*]If Statements : http://ferruh.mavituna.com/sql-injection...Statements
  28. [LIST]
  29. [*]MySQL If Statement : http://ferruh.mavituna.com/sql-injection...u/#MySQLIf
  30. [*]SQL Server If Statement : http://ferruh.mavituna.com/sql-injection...QLServerIf
  31. [*]If Statement SQL Injection Attack Samples  : http://ferruh.mavituna.com/sql-injection...Statements
  32.       
  33. [*]Using Integers : http://ferruh.mavituna.com/sql-injection...ngIntegers
  34. [*]String  Operations : http://ferruh.mavituna.com/sql-injection...Operations
  35. [*]String Concatenation : http://ferruh.mavituna.com/sql-injection...ringConcat
  36.       
  37. [*]Strings without Quotes : http://ferruh.mavituna.com/sql-injection...houtQuotes
  38. [*][Hex based SQL Injection Samples : http://ferruh.mavituna.com/sql-injection...sedSamples
  39. [*]String Modification & Related : http://ferruh.mavituna.com/sql-injection...dification
  40. [*]Union Injections : http://ferruh.mavituna.com/sql-injection...Injections
  41. [*]UNION – Fixing Language Issues : http://ferruh.mavituna.com/sql-injection...uageIssues
  42. [*]Bypassing Login Screens : http://ferruh.mavituna.com/sql-injection...ginScreens
  43. [*]Enabling xp_cmdshell in SQL Server 2005 : http://ferruh.mavituna.com/sql-injection...lecmdshell
  44. [*]Other parts are not so well formatted but check out by yourself, drafts, notes and stuff, scroll down and see.

comments powered by Disqus