sqlinjection

SQL Injection Cheat Sheets Updated

I had some really detailed feedback from Bernardo Damele A. G. on the SQL Injection Cheat Sheets.  I’ve just finished updating the cheat sheets for MSSQL, Oracle, MySQL and PostgreSQL . Thanks a lot Bernardo. If anyone else has suggestions, feel free to mail pentestmonkey at pentestmonkey dot net.

Tags: , ,

Posted in: Blog

Update to Postgres SQL Injection Cheat Sheet

Reiners spotted that I hadn’t included any info about writing files via SLQ injection in PostgreSQL.  I’ve update the Postgres Cheat Sheet accordingly.  Thanks Reiners. He’s also written some detailed blogs about SQL injection in MySQL that are worth reading: MySQL Table and Column Names MySQL Into Outfile  

Tags: , , ,

Posted in: Blog

SQL Injection Where You Wouldn’t Have Thought It Possible

David Litchfield just released a new paper: “A New Class of Vulnerability in Oracle: Lateral SQL Injection“. It’s a quick read at only 4 pages and very well explained if you’re a pentesting-type.  Well worth a read.

Tags: ,

Posted in: Blog

SQL Cheat Sheet Updates

I’ve recently updated the MySQL, MSSQL and PostgreSQL cheat sheets with some notes on creating and deleting users.  Info on granting DBA rights is also included. This is useful for those situtations where you’ve found a SQL inject as a privileged user and also have have access to the database port (1433/TCP or whatever).

Tags: ,

Posted in: Blog

Update: MSSQL Injection Cheat Sheet

I just made some minor additions to the MSSQL Injection Cheat Sheet : Creating Users Deleting Users Assigning Users the DBA privilege

Tags: ,

Posted in: Blog

Updated Postgres SQL Injection Cheat Sheet

I just put some finishing touches to the PostgreSQL Injection Cheat Sheet .  All the TODO items have been removed now.  Let me know if you have any extra info you think should be included on the cheat sheet.

Tags: , ,

Posted in: Blog

Updated Postgres SQL Injection Cheat Sheet

I just read Nico Leidecker’s Having Fun With Postgres paper.  He mostly talks about the dblink function which is sometimes enabled in Postgres – it’s a bit like MSSQL’s openrowset .  There’s also some good generic advice on what to do when you get DBA access – like exeucting OS-level commands.  I’ve updated the cheat [...]

Tags: , ,

Posted in: Blog

Update to MySQL Injection Cheat Sheet

I just added some more notes to the MySQL Injection Cheat Sheet about command executation, file upload, privilege enumeration, casting, avoiding quotes and more.  The cheat sheet is reasonably complete now.

Tags: , ,

Posted in: Blog

MSSQL Injection Cheat Sheet

Some useful syntax reminders for SQL Injection into MSSQL databases…

Tags: , ,

Posted in: SQL Injection

Oracle SQL Injection Cheat Sheet

Some useful syntax reminders for SQL Injection into Oracle databases…

Tags: , , , ,

Posted in: SQL Injection