SQL Injection Cheat Sheet
Undoubtedly one of the most famous and important in the world of Hacking and PenTest attacks are SQL injections , this is because the vast majority of systems use managers SQL Databases since in the past for incorrect protocols security was very high number of systems and websites vulnerable to such attacks. Although safety is already an issue that is taken seriously, there are still many systems vulnerable to these attacks and SQLi remain the first letter under the sleeve of many hackers.
There exists a myriad of tools that help exploiting a vulnerability of this type, but these tools are not foolproof and in many cases can not be used, delivered false negatives or make a lot of noise by the number of queries that (in some cases generate even two).
If you are interested in the world of Hacking and PenTest you have to learn SQL Databases and then understand and investigate the SQL Injections, which is why I leave a small and very complete SQL Injection Cheat Sheet.
In the blog Netsparker have updated one of the best SQL Injection Cheat Sheet that could be found on the web. In it you can find different types of techniques for verifying a SQLi, as well as attacks syntax depending Manager Database as the language in which the vulnerable application is programmed. Here is the table of contents:
-
- Line Comments
- Inline Comments
- Stacking Queries
- If Statements
- Using Integers
- String Operations
- Strings without Quotes
- String Modification & Related
- Union Injections
- Bypassing Login Screens
- Enabling xp_cmdshell in SQL Server 2005
- Finding Database Structure in SQL Server
- Fast way to extract data from Error Based SQL Injections in SQL Server
- Blind SQL Injections
- Covering Your Tracks
- Extra MySQL Notes
- Second Order SQL Injections
- Out of Band (OOB) Channel Attacks
