Nytro
Posted April 29, 2011

SQL Injection Cheat Sheet
Ferruh Mavituna

Tags: sql injection, security, web application security, english
15.03.2007

SQL Injection Cheat Sheet, Document Version 1.4

About SQL Injection Cheat Sheet

Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of the samples are not correct for every single situation. Most real-world environments may differ because of parentheses, different code bases and unexpected, strange SQL sentences.

Samples are provided to allow the reader to get a basic idea of a potential attack, and almost every section includes brief information about itself.

M : MySQL
S : SQL Server
P : PostgreSQL
O : Oracle
+ : Possibly all other databases

Examples:
(MS) means: MySQL and SQL Server etc.
(M*S) means: Only in some versions of MySQL or special conditions (see related note) and SQL Server

Table Of Contents

- About SQL Injection Cheat Sheet
- Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks
- Line Comments
- SQL Injection Attack Samples
- Inline Comments
- Classical Inline Comment SQL Injection Attack Samples
- MySQL Version Detection Sample Attacks
- Stacking Queries
- Language / Database Stacked Query Support Table
- About MySQL and PHP
- Stacked SQL Injection Attack Samples
- If Statements
- MySQL If Statement
- SQL Server If Statement
- If Statement SQL Injection Attack Samples
- Using Integers
- String Operations
- String Concatenation
- Strings without Quotes
- Hex based SQL Injection Samples
- String Modification & Related
- Union Injections
- UNION – Fixing Language Issues
- Bypassing Login Screens
- Enabling xp_cmdshell in SQL Server 2005
- Other parts are not so well formatted but check out by yourself, drafts, notes and stuff, scroll down and see.

Article: http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

Read...