Nytro

SQL Injection Cheat Sheet


[h=1]SQL Injection Cheat Sheet[/h]

08/12/2011


SQL Injection Cheat Sheet, Document Version 1.4

[h=2]About SQL Injection Cheat Sheet[/h] Currently only for MySQL and Microsoft SQL Server, with some Oracle and some PostgreSQL. Most samples are not correct for every single situation. Most real-world environments will differ because of parentheses, different code bases and unexpected, strange SQL statements.

Samples are provided to give the reader a basic idea of a potential attack, and almost every section includes brief information about itself.

[TABLE]
[TR][TD=align: right]M : [/TD][TD]MySQL[/TD][/TR]
[TR][TD=align: right]S : [/TD][TD]SQL Server[/TD][/TR]
[TR][TD=align: right]P : [/TD][TD]PostgreSQL[/TD][/TR]
[TR][TD=align: right]O : [/TD][TD]Oracle[/TD][/TR]
[TR][TD=align: right]+ : [/TD][TD]Possibly all other databases[/TD][/TR]
[/TABLE]

[h=5]Examples:[/h]

  • (MS) means: MySQL and SQL Server, etc.
  • (M*S) means: only in some versions of MySQL or under special conditions (see the related note), and SQL Server

[h=2]Table Of Contents[/h]  
[LIST=1]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#about"]About SQL Injection Cheat Sheet [/URL]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#SyntaxBasicAttacks"]Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks [/URL]
[LIST=1]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#LineComments"]Line Comments [/URL]
[LIST]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#LineCommentAttacks"]SQL Injection Attack Samples[/URL]
[/LIST]

[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#InlineComments"]Inline Comments [/URL]
[LIST]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#InlineSamples"]Classical Inline Comment SQL Injection Attack Samples[/URL]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#MySQLInlineSamples"]MySQL Version Detection Sample Attacks[/URL]
[/LIST]

[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#StackingQueries"]Stacking Queries[/URL]
[LIST]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#LangDbFigure"]Language / Database Stacked Query Support Table [/URL]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#AboutMySQLandPHP"]About MySQL and PHP[/URL]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#StackedSamples"]Stacked SQL Injection Attack Samples[/URL]
[/LIST]

[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#IfStatements"]If Statements[/URL]
[LIST]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#MySQLIf"]MySQL If Statement[/URL]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#SQLServerIf"]SQL Server If Statement [/URL]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#SampleIfStatements"]If Statement SQL Injection Attack Samples [/URL]
[/LIST]

[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#UsingIntegers"]Using Integers [/URL]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#StringOperations"]String Operations[/URL]
[LIST]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#StringConcat"]String Concatenation [/URL]
[/LIST]

[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#StringwithoutQuotes"]Strings without Quotes[/URL]
[LIST]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#HexbasedSamples"]Hex based SQL Injection Samples[/URL]
[/LIST]

[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#StringModification"]String Modification & Related [/URL]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#UnionInjections"]Union Injections[/URL]
[LIST]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#UnionLanguageIssues"]UNION – Fixing Language Issues[/URL]
[/LIST]

[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#ByPassingLoginScreens"]Bypassing Login Screens[/URL]
[*][URL="http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#Enablecmdshell"]Enabling xp_cmdshell in SQL Server 2005 [/URL]
[*][I]Other parts are not so well formatted, but check them out yourself: drafts, notes and stuff; scroll down and see.[/I]
[/LIST]

[/LIST]

Link:

http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
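The "Bypassing Login Screens" entry from the table of contents above, as an added example that is not part of the cheat sheet or of this post: a login query assembled by string formatting beside its parameterized form, run against an in-memory SQLite table. The table, rows, credentials and payloads are constructed for the demo; SQLite is used only because it runs anywhere, and the `-- ` line comment and quote-closing payloads behave here as they do on the MySQL and SQL Server syntax the cheat sheet documents.

```python
"""Login-bypass demo (added example, not the cheat sheet's own code).

The 'users' table and the credentials are constructed for this demo.
"""
import sqlite3


def make_db():
    # Constructed sample data: two users in an in-memory database.
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    con.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "hunter2"), ("alice", "s3cret")],
    )
    con.commit()
    return con


def login_vulnerable(con, username, password):
    # The bug the cheat sheet targets: user input is pasted into the SQL text,
    # so a quote in the input ends the string literal and the rest is parsed
    # as SQL. Returns the matched username or None.
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(con, username, password):
    # Parameter binding: the driver sends the values separately from the SQL
    # text, so a quote or comment marker in the input is just data.
    row = con.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Constructed payloads in the style of the cheat sheet's login-bypass section:
#   1. close the quote and comment out the password check ("-- " line comment)
#   2. make the WHERE clause always true ("' OR '1'='1" in both fields)
PAYLOADS = [
    ("admin'-- ", "wrong-password"),
    ("' OR '1'='1", "' OR '1'='1"),
]


def run_payloads(con):
    # Returns {payload_username: (vulnerable_result, safe_result)} so the
    # two implementations can be compared side by side.
    return {
        user: (login_vulnerable(con, user, pw), login_safe(con, user, pw))
        for user, pw in PAYLOADS
    }


if __name__ == "__main__":
    db = make_db()
    for user, (vuln, safe) in run_payloads(db).items():
        print("%-14r vulnerable -> %-6r safe -> %r" % (user, vuln, safe))
```

With the comment payload the vulnerable query becomes `... WHERE username = 'admin'-- ' AND password = '...'`, so the password check is commented away and "admin" is returned; with the always-true payload the `AND` binds tighter than `OR`, every row matches, and the first row (again "admin") is returned. The parameterized version returns no row for either payload while still accepting a real credential pair.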
