Jump to content
Nytro

SQL Injection Cheat Sheet

By Nytro, in Tutoriale in engleza

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

SQL Injection Cheat Sheet

Ferruh Mavituna Logo

SQL Injection Cheat Sheet

Etiketler sql injection, security, web application security, web uygulamasi guvenligi, english, 15.03.2007

Find and exploit SQL Injections, Local File Inclusion, XSS and many other issues with Netsparker Web Application Security Scanner

SQL Injection Cheat Sheet, Document Version 1.4

About SQL Injection Cheat Sheet

Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of samples are not correct for every single situation. Most of the real world environments may change because of parenthesis, different code bases and unexpected, strange SQL sentences.

Samples are provided to allow reader to get basic idea of a potential attack and almost every section includes a brief information about itself.

M : MySQL

S : SQL Server

P : PostgreSQL

O : Oracle

+ : Possibly all other databases

Examples;

(MS) means : MySQL and SQL Server etc.

(M*S) means : Only in some versions of MySQL or special conditions see related note and SQL Server

Table Of Contents

    About SQL Injection Cheat Sheet
    Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks
        Line Comments
            SQL Injection Attack Samples
        Inline Comments
            Classical Inline Comment SQL Injection Attack Samples
            MySQL Version Detection Sample Attacks
        Stacking Queries
            Language / Database Stacked Query Support Table
            About MySQL and PHP
            Stacked SQL Injection Attack Samples
        If Statements
            MySQL If Statement
            SQL Server If Statement
            If Statement SQL Injection Attack Samples
        Using Integers
        String  Operations
            String Concatenation
        Strings without Quotes
            Hex based SQL Injection Samples
        String Modification & Related
        Union Injections
            UNION – Fixing Language Issues
        Bypassing Login Screens
        Enabling xp_cmdshell in SQL Server 2005
        Other parts are not so well formatted but check out by yourself, drafts, notes and stuff, scroll down and see.

Articol:

http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

Cititi... :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...