Pentestmonkey Sql Injection Cheat Sheet
SQL-Injection-cheat-sheet
I’m sure we all (pentesters) make extensive use of pentestmonkey’s SQL injection cheat sheets. They are touchstones when it comes down to SQL injection, and most of the time they save the day. However, the DB2 cheat sheet is one of the less complete ones on pentestmonkey’s website.
Some useful syntax reminders for SQL Injection into Oracle databases. This post is part of a series of SQL Injection Cheat Sheets. In this series, I’ve endeavoured to tabulate the data to make it easier to read and to use the same table for each database backend.
Following on from my MySQL Injection Practical Cheat Sheet, here is the MSSQL version. As before, I will list the injections by their categories: union.
A list of interesting payloads, tips and tricks for bug bounty hunters. EdOverflow/bugbounty-cheatsheet.
It’s not a guide on SQL Injection but more of a brain dump which I used during the labs and exam.
- The easiest way to use it would be to put all the strings in a text file and run it using Burp Suite’s Intruder function (or tab, whatever you call it) to pass the values one by one.
- First try to figure out the vulnerable parameter
NOTE: If it’s a GET request, don’t forget to URL-encode the characters.
Try blind injection payloads if the above commands do not produce an error.
Check whether the above queries work when a comment is appended at the end.
- Now that we know the vulnerable parameter, let’s try guessing the table name:
- Guessing Columns:
- Now determine the number of columns in the current table
Let’s say there are 3 columns.
- Now determine the vulnerable columns, or the columns which are visible
Else try
Now, let’s say columns 1 and 2 are shown in the web page.
- To further enumerate
Let’s say the database name is public and the table name is info, with two columns in it: id and name.
- Bypassing filters
We can use case switching or commenting to bypass basic filters.
- For Oracle DB
Oracle does not have an information schema, so we need some alternatives for it. The link below can be helpful.
https://stackoverflow.com/questions/8739203/oracle-query-to-fetch-column-names
- For advanced exploitation, we may use sqlmap
Useful Resources
http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet
http://garage4hackers.com/showthread.php?t=1990