SQL Injection Cheat Sheet

Undoubtedly, SQL injections are among the most famous and important attacks in the world of hacking and pentesting. This is because the vast majority of systems use SQL database managers and, in the past, poor security practices left a very large number of systems and websites vulnerable to such attacks. Although security is now an issue that is taken seriously, there are still many systems vulnerable to these attacks, and SQLi remains the first card up the sleeve of many hackers.

There is a myriad of tools that help in exploiting a vulnerability of this type, but these tools are not foolproof: in many cases they cannot be used, they deliver false negatives, or they make a lot of noise because of the number of queries they generate (in some cases even two).

If you are interested in the world of hacking and pentesting, you have to learn SQL databases and then understand and investigate SQL injections, which is why I am leaving here a small and very complete SQL Injection Cheat Sheet.

The Netsparker blog has updated one of the best SQL Injection Cheat Sheets to be found on the web. In it you can find different types of techniques for verifying a SQLi, as well as attack syntax that depends on the database manager and on the language in which the vulnerable application is programmed. Here is the table of contents:
    1. Line Comments
    2. Inline Comments
    3. Stacking Queries
    4. If Statements
    5. Using Integers
    6. String Operations
    7. Strings without Quotes
    8. String Modification & Related
    9. Union Injections
    10. Bypassing Login Screens
    11. Enabling xp_cmdshell in SQL Server 2005
    12. Finding Database Structure in SQL Server
    13. Fast way to extract data from Error Based SQL Injections in SQL Server
    14. Blind SQL Injections
    15. Covering Your Tracks
    16. Extra MySQL Notes
    17. Second Order SQL Injections
    18. Out of Band (OOB) Channel Attacks

Link: SQL Injection Cheat Sheet