SQL Injection

Alvin Smith edited this page Feb 24, 2023 · 10 revisions

First stage

Cheat-sheet and Payload

  1. https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/SQLi/Generic-SQLi.txt
  2. https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection
  3. https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
  4. https://github.com/payloadbox/sql-injection-payload-list

Guides & Blogs:

  1. https://www.sqlinjection.net/
  2. http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet
  3. https://github.com/trietptm/SQL-Injection-Payloads
  4. https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet
  5. https://resources.infosecinstitute.com/dumping-a-database-using-sql-injection/

Labs and practice:

  1. https://portswigger.net/web-security/sql-injection
  2. https://github.com/Audi-1/sqli-labs
  3. https://github.com/appsecco/sqlinjection-training-app
  4. https://tryhackme.com/room/gamezone
  5. https://tryhackme.com/room/avengers
  6. https://tryhackme.com/room/uopeasy
  7. https://tryhackme.com/room/jurassicpark

Oracle cheatsheet

  1. https://cheatography.com/dormidera/cheat-sheets/oracle-sql-injection/
  2. http://www.securityidiots.com/Web-Pentest/SQL-Injection/Union-based-Oracle-Injection.html

MySQL cheatsheet

  1. https://gist.github.com/bradtraversy/c831baaad44343cc945e76c2e30927b3
  2. https://gist.github.com/hofmannsven/9164408

Sqlmap DO NOT USE IN OSCP EXAM

https://gist.github.com/A1vinSmith/3121e6854de93dfea6e8ab65718d07ed
