February 18, 2008
SQL Quick Reference Revised
SQL Quick Reference.
Symbols and Words:
' : breaks out of the quoted value and starts a new query
OR : tells it to do what the query is supposed to do OR what you tell it.
AND : will only execute if both conditions are true. You might wonder why you would actually want their end to have to evaluate to true as well, but there is a reason, which will be in the next article.
\' : needed to break up the quotes when the admin has programmed in doubled quotes.
/* : comments out the rest of the query, a lot like --. I find it works in combination with the \'.
; : ends the query
' having 1=1-- : If you're lucky it will give you an error containing a column name. It should be the first one it comes across. You get the error because the statement should be GROUP BY a column HAVING something, that something being a value of some sort (letter, number, whatever). Seeing as you're missing the GROUP BY, it will give you an error. If you get a column name, next you would want ' group by ColumnYouGot having 1=1--. That should give you the next column. The next statement would be ' group by column1,column2 having 1=1--. You can just keep using that syntax until you don't get an error; that means you have all the columns.
What can you do with all that crap? You would insert it into the table using ' insert into tablename values(blah,blah,blah,blah); You're going to need the right type of data for each of those columns, most of which you can tell by the name. But most of the time there will be at least one you need to check. To do this you would do ' union select sum(column) from tablename--. This will give you an error converting the value of that column type into an integer. So once you have all that, insert the values you want, yay.
----------------------------------------------------------------------------------------------------
' or 1=1 : the most basic injection. Will work maybe 1 in a hundred times. It will search for the first value that equates to true, in other words the first value that exists.
----------------------------------------------------------------------------------------------------
\' or 1=1/* : does the same thing but is used when they're doubling up quotes. The \ escapes you from the quotes and the /* comments out the rest of the query.
----------------------------------------------------------------------------------------------------
' ORDER BY 1-- : used to see how many columns are in a given table. If you don't get an error returned, keep increasing the number by one until you do get an error. The number you used right before the one that gave you the error is the number of columns.
EX: order by 9 gives no error. You then try order by 10, which gives you an error. The number of columns is 9. Also use common sense: if you think it's a huge database, don't start at 1 and increase by one.
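The concatenated query that the ' or 1=1 and ORDER BY probes above depend on, beside a parameterised version of the same lookup, as an added example that is not from the original post. The users table, its rows and the function names are constructed for the example, and it runs on Python's sqlite3 (the post targets MS SQL, whose error text differs).

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (not a real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER, username TEXT, passwd TEXT);
        INSERT INTO users VALUES (1, 'alice', 'ants'), (2, 'bob', 'bees');
    """)
    return conn

def lookup_vulnerable(username):
    """Concatenation: a quote in the input ends the literal and the rest is
    parsed as SQL. Database errors are echoed to the caller, which is what
    the HAVING and ORDER BY probes feed on."""
    sql = ("SELECT id, username, passwd FROM users WHERE username = '"
           + username + "'")
    try:
        return make_db().execute(sql).fetchall()
    except sqlite3.Error as e:
        return "db error: " + str(e)   # verbose error reaches the caller

def lookup_safe(username):
    """Parameterised: the value travels separately from the statement, so a
    quote or comment marker inside it is just text. Errors are not echoed."""
    try:
        return make_db().execute(
            "SELECT id, username, passwd FROM users WHERE username = ?",
            (username,)).fetchall()
    except sqlite3.Error:
        return "lookup failed"         # generic message, nothing to enumerate

if __name__ == "__main__":
    for probe in ["alice", "' OR 1=1--", "' ORDER BY 3--", "' ORDER BY 4--"]:
        print(repr(probe), "->", lookup_vulnerable(probe), "|", lookup_safe(probe))
```

With the concatenated version, ' OR 1=1-- returns every row and ' ORDER BY 4-- returns an error naming the valid column range, while the parameterised version returns no rows for either.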
-----------------------------------------------------------------------------------------------------
' drop table tablename-- : this is used to delete an entire table. Never used it. Don't be a dick.
-----------------------------------------------------------------------------------------------------
' union select 1,2,3 from tablename-- : with any luck will give you the value of one or more of the columns within the table. Has worked a few times.
-------------------------------------------------------------------------------------------------------
' union select min(column) from tablename where column > 'letter'-- :
example: ' union select min(passwd) from Passwords where passwd > 'a'--
What it tries to do is select the minimum passwd that is greater than 'a' and convert it to an integer. The error would produce something like: error converting varchar value 'ants' into column type integer. Have had this work once but that's about it. The rest of the time it just returned an error with just that single letter.
---------------------------------------------------------------------------------------------------------
Well, that's it for this one; it was supposed to be a quick reference. Will get more into these commands and what you can do with them in the next article, along with more advanced commands. Understand that these are in a forms-based format.
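Because every probe in this list leaves a recognisable string in the request, the same list doubles as a detection rule. The following is an added example, not part of the original post: it URL-decodes the query string of each access-log line and flags the probe shapes listed above. The log lines, IP addresses and probe names are constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# One pattern per probe from the list above, applied to the URL-decoded,
# lower-cased query string. Names are made up for this example.
PROBES = {
    "or_true":      re.compile(r"'\s*or\s+\d+\s*=\s*\d+"),
    "having":       re.compile(r"having\s+\d+\s*=\s*\d+"),
    "group_by":     re.compile(r"group\s+by\s+[\w,\s]+having"),
    "order_by_n":   re.compile(r"order\s+by\s+\d+\s*(--|/\*)"),
    "union_select": re.compile(r"union\s+(all\s+)?select\b"),
}

LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed access-log lines: one normal login, four probes from one
# client, and a benign "order by" in a search that must not be flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Feb/2008:20:17:01 +0900] "GET /login.asp?user=alice&pw=x HTTP/1.1" 200 512
10.0.0.9 - - [18/Feb/2008:20:17:05 +0900] "GET /login.asp?user=%27+or+1%3D1--&pw=x HTTP/1.1" 200 8123
10.0.0.9 - - [18/Feb/2008:20:17:09 +0900] "GET /login.asp?user=%27+having+1%3D1--&pw=x HTTP/1.1" 500 301
10.0.0.9 - - [18/Feb/2008:20:17:12 +0900] "GET /login.asp?user=%27+order+by+9--&pw=x HTTP/1.1" 200 512
10.0.0.9 - - [18/Feb/2008:20:17:15 +0900] "GET /login.asp?user=%27+union+select+1%2C2%2C3+from+users--&pw=x HTTP/1.1" 200 640
10.0.0.7 - - [18/Feb/2008:20:17:20 +0900] "GET /search.asp?q=order+by+price HTTP/1.1" 200 2048
"""

def decoded_query(line):
    """Query string of a request line, URL-decoded and lower-cased, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return unquote_plus(m.group(1).partition("?")[2]).lower()

def scan_log(text):
    """Return (line_no, probe_name, http_status) for every line a probe matches.
    The status is worth keeping: a 500 on a probe usually means the error
    text the probe is fishing for went back to the client."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        q = decoded_query(line)
        if not q:
            continue
        status = LOG_RE.search(line).group(2)
        hits.extend((n, name, status) for name, rx in PROBES.items() if rx.search(q))
    return hits
```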
# by | 2008/02/18 20:17 | →SQL injection | Trackbacks (13)