Awesome

Advanced SQL Injection Cheatsheet

This repository contains a advanced methodology of all types of SQL Injection.

General Process:

• Find injection point
• Understand the website behaviour
• Send queries for enumeration
• Understanding WAF & bypass it
• Dump the database

Cheat Sheet Tree

MySQL Injection Cheatsheet

• Error- or UNION-based SQLi
  • Routed queries (Advanced WAF Bypass)
  • Bypass Error: The used SELECT statements have a different number of columns
  • New attacking vectors (Bypassing WAF)
    • The Alternative way of using And 0
    • The Alternative WAY of using Null
• Boolean-based (content-based) Blind SQLi
• Time Based SQLi
• Stabilise & Whitespace Filter Bypass
• Local File Inclusion (LFI)
• Privilege Escalation

PostgreSQL Injection Cheatsheet

• Error- or UNION-based SQLi
• Local File Inclusion (LFI) (Coming soon)
• Privilege Escalation (Coming soon)

Oracle Injection Cheatsheet

• Error- or UNION-based SQLi

MSSQL Injection Cheatsheet

• Error- or UNION-based SQLi
• Privilege Escalation