Category Archives: SQL injection

Examining the database in SQL injection attacks

When exploiting SQL injection vulnerabilities, it is often necessary to gather some information about the database itself. This includes the type and version of the database software and the contents of the database in terms of which tables and columns it contains.

Querying the database type and version

Different databases provide different ways of querying their version….


SQL injection cheat sheet

This SQL injection cheat sheet contains examples of useful syntax for a variety of tasks that often arise when performing SQL injection attacks.

String concatenation

You can concatenate multiple strings to make a single string.

Oracle: 'foo'||'bar'
Microsoft: 'foo'+'bar'
PostgreSQL: 'foo'||'bar'
MySQL: 'foo' 'bar' [Note the space between the two strings]
MySQL: CONCAT('foo','bar')…
