Posts

Showing posts from May, 2019

MySQL SQL Injection Cheat Sheet

From http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet

Some useful syntax reminders for SQL Injection into MySQL databases…

This post is part of a series of SQL Injection Cheat Sheets. In this series, I’ve endeavoured to tabulate the data to make it easier to read and to use the same table for each database backend. This helps to highlight any features which are lacking for each database, and enumeration techniques that don’t apply and also areas that I haven’t got round to researching yet.

The complete list of SQL Injection Cheat Sheets I’m working on is: Oracle, MSSQL, MySQL, PostgreSQL, Ingres, DB2, Informix.

I’m not planning to write one for MS Access, but there’s a great MS Access Cheat Sheet here.

Some of the queries in the table below can only be run by an admin. These are marked with “– priv” at the end of the query.

Version: SELECT @@version

Comments: SELECT 1; #comment
SELECT /*comment*/