hackeyes/Advanced-SQL-Injection-Cheatsheet

A cheat sheet that contains advanced queries for SQL Injection of all types.

Advanced SQL Injection Cheatsheet

This repository contains a advanced methodology of all types of SQL Injection.

General Process:

• Find injection point
• Understand the website behaviour
• Send queries for enumeration
• Understanding WAF & bypass it
• Dump the database

Cheat Sheet Tree

MySQL Injection Cheatsheet

• Error- or UNION-based SQLi

  • Routed queries (Advanced WAF Bypass)
  • Bypass Error: The used SELECT statements have a different number of columns
  • New attacking vectors (Bypassing WAF)
    • The Alternative way of using And 0
    • The Alternative WAY of using Null

• Boolean-based (content-based) Blind SQLi

• Stabilise & Whitespace Filter Bypass

• Privilege Escalation

PostgreSQL Injection Cheatsheet

• Error- or UNION-based SQLi

Oracle Injection Cheatsheet

• To be added...

MSSQL Injection Cheatsheet

• Error- or UNION-based SQLi
• Privilege Escalation