SQL Injection Knowledge Base
A comprehensive resource for SQL injection techniques, examples, and bypasses across multiple database platforms.
MySQL
Basics
-
Default Databases
Information about MySQL's default database systems
-
MySQL Intro
Overview of MySQL SQL injection techniques and categories
-
Testing Injection
Techniques for testing SQL injection vulnerabilities in MySQL
-
Comment Out Query
Techniques for commenting out the remainder of SQL queries in MySQL
Information Gathering
-
Testing Version
Techniques for determining MySQL version information
-
Database Credentials
How to retrieve database credentials in MySQL
-
Database Names
How to extract database names from MySQL
-
Server Hostname
How to retrieve the server hostname in MySQL
-
Server MAC Address
How to retrieve the server MAC address in MySQL
-
Tables and Columns
How to discover and extract table and column information in MySQL
-
Privileges
Understanding and checking MySQL privileges for SQL injection attacks
Injection Techniques
Authentication
File Operations
Advanced Techniques
-
Out of Band Channeling
Techniques for exfiltrating data through out-of-band channels in MySQL
-
Stacked Queries
Executing multiple SQL statements in a single injection
-
MySQL-specific Code
MySQL-specific syntax and techniques for SQL injection
-
Fuzzing and Obfuscation
Techniques for bypassing WAFs and filters in MySQL injection
MariaDB
Basics
-
Default Databases
Information about MariaDB's default database systems
-
MariaDB Intro
Overview of MariaDB SQL injection techniques and categories
-
Testing Injection
Techniques for testing SQL injection vulnerabilities in MariaDB
-
Comment Out Query
Techniques for commenting out the remainder of SQL queries in MariaDB
Information Gathering
-
Testing Version
Techniques for determining MariaDB version information
-
Database Credentials
How to retrieve database credentials in MariaDB
-
Database Names
How to extract database names from MariaDB
-
Server Hostname
How to retrieve the server hostname and system information in MariaDB
-
Server MAC Address
How to retrieve the server MAC address via UUID in MariaDB
-
Tables and Columns
How to discover and extract table and column information in MariaDB
-
Privileges
Understanding and checking MariaDB privileges for SQL injection attacks
Injection Techniques
Authentication
File Operations
Advanced Techniques
-
Out of Band Channeling
Techniques for exfiltrating data through out-of-band channels in MariaDB
-
Stacked Queries
Executing multiple SQL statements in a single injection
-
MariaDB-specific Code
MariaDB-specific syntax and techniques for SQL injection
-
Fuzzing and Obfuscation
Techniques for bypassing WAFs and filters in MariaDB injection
MSSQL
Basics
Information Gathering
-
Database Credentials
How to extract database credentials from Microsoft SQL Server
-
Database Names
How to retrieve database names from Microsoft SQL Server
-
Server Hostname
How to retrieve the server hostname in Microsoft SQL Server
-
Tables and Columns
How to discover and extract table and column information in MSSQL
Injection Techniques
Authentication
File Operations
Advanced Techniques
-
OPENROWSET Attacks
Exploiting OPENROWSET functionality in MSSQL for advanced attacks
-
System Command Execution
Techniques for executing operating system commands through MSSQL
-
SP_PASSWORD (Hiding Query)
Using SP_PASSWORD to hide SQL queries in MSSQL logs
-
Stacked Queries
Using multiple SQL statements in a single MSSQL injection
-
Fuzzing and Obfuscation
Techniques for bypassing defenses in MSSQL injection
Oracle
Basics
Information Gathering
-
Database Credentials
How to extract Oracle database user credentials through SQL injection
-
Database Names
How to enumerate database names in Oracle
-
Server Hostname
Techniques to retrieve the Oracle database server hostname information
-
Tables and Columns
Methods to enumerate database tables and columns in Oracle
-
Privileges
Analyzing and exploiting Oracle database privileges in SQL injection
Injection Techniques
-
Avoiding Quotations
Techniques to bypass quotation filters in Oracle SQL injection
-
String Concatenation
Techniques for concatenating strings in Oracle SQL injection
-
Conditional Statements
Using Oracle conditional expressions for SQL injection attacks
-
Timing
Using time-based techniques for Oracle SQL injection attacks
Authentication
PostgreSQL
Basics
-
PostgreSQL Intro
Overview of PostgreSQL SQL injection techniques and categories
-
Default Databases
Information about PostgreSQL's default database systems
-
Comment Out Query
Techniques for commenting out the remainder of SQL queries in PostgreSQL
-
Testing Injection
Methods to verify if a PostgreSQL injection point exists
Information Gathering
-
Testing Version
Techniques for determining PostgreSQL version information
-
Database Names
How to retrieve database names in PostgreSQL
-
Server Hostname
Obtaining the PostgreSQL server hostname and network information
-
Server MAC Address
Techniques to retrieve server hardware information in PostgreSQL
-
Tables and Columns
How to discover and extract table and column information in PostgreSQL
-
Database Credentials
How to retrieve database credentials in PostgreSQL
-
Privileges
Understanding and checking PostgreSQL privileges for SQL injection attacks
Injection Techniques
-
Avoiding Quotations
Techniques to avoid using quotes in PostgreSQL injection
-
String Concatenation
Methods for string concatenation in PostgreSQL
-
Conditional Statements
Using conditional logic in PostgreSQL injections
-
Timing
Using time-based techniques in PostgreSQL injections
-
Stacked Queries
Executing multiple SQL statements in a single injection
Authentication
File Operations
Advanced Techniques
-
Out of Band Channeling
Techniques for exfiltrating data through out-of-band channels in PostgreSQL
-
Command Execution
Executing operating system commands through PostgreSQL
-
PostgreSQL-specific Code
PostgreSQL-specific syntax and techniques for SQL injection
-
Fuzzing and Obfuscation
Techniques for bypassing WAFs and filters in PostgreSQL injection
-
Configuration File Exploitation
Exploiting PostgreSQL configuration files for command execution
-
Privilege Enumeration and Escalation
Techniques for enumerating privileges and escalating access in PostgreSQL