SQL Injection
Cheatsheets
SQLMap
SQLMap can be used to detect SQL Injection.
SQLMap Level
level 1: By default
level 2: Test HTTP Cookie header
level 3: Test HTTP User-Agent/Referer headers
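For defenders, the level list above means injection attempts can arrive in the Cookie, User-Agent and Referer headers as well as in request parameters. The following is an added example (not part of the original page or of SQLMap) that scans access-log lines for SQLi indicators in each of those fields; the log format with a trailing Cookie field, the sample lines and the heuristic patterns are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Assumed log format: "combined" plus a trailing quoted Cookie field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)" '
    r'"(?P<cookie>[^"]*)"$'
)

# Heuristic SQLi indicators (assumption); tune per application before alerting.
SQLI_RE = re.compile(
    r"(?i)(\bunion\b.+\bselect\b|\b(?:and|or)\b\s+\d+\s*=\s*\d+"
    r"|\bsleep\s*\(|\bbenchmark\s*\(|'\s*(?:--|#))"
)

# Request part -> lowest SQLMap level at which the page says it is tested.
FIELD_LEVEL = {"uri": 1, "cookie": 2, "user_agent": 3, "referer": 3}


def scan_line(line):
    """Return [(field, level), ...] for every suspicious field in one log line."""
    m = LINE_RE.match(line)
    if not m:
        return []  # unparseable lines should be counted separately in production
    findings = []
    for field, level in FIELD_LEVEL.items():
        # Decode URL encoding so "%20AND%20" and "+AND+" are seen as " AND ".
        if SQLI_RE.search(unquote_plus(m.group(field))):
            findings.append((field, level))
    # SQLMap's default User-Agent starts with "sqlmap/" unless it is overridden.
    if m.group("user_agent").lower().startswith("sqlmap/"):
        findings.append(("default_user_agent", 1))
    return findings


# Constructed sample log lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Apr/2021:10:00:00 +0000] "GET /item?id=1%20AND%204821=4821 HTTP/1.1" 200 512 "-" "sqlmap/1.5#stable (http://sqlmap.org)" "-"',
    '203.0.113.5 - - [02/Apr/2021:10:00:05 +0000] "GET /account HTTP/1.1" 200 734 "-" "Mozilla/5.0" "session=abc\' OR 1=1-- -"',
    '203.0.113.5 - - [02/Apr/2021:10:00:09 +0000] "GET / HTTP/1.1" 200 100 "-" "Mozilla/5.0\' AND SLEEP(5)-- -" "-"',
    '198.51.100.7 - - [02/Apr/2021:10:01:00 +0000] "GET /search?q=sand+and+gravel HTTP/1.1" 200 2048 "https://example.com/" "Mozilla/5.0" "session=abc"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_line(entry))
```

A web server that logs only the request line would miss the second and third sample lines, so header and cookie logging has to be enabled for this check to see level 2 and level 3 testing.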
Automating Blind SQL injection over WebSocket with SQLMap
Here is a script that allows blind SQL Injection using SQLMap. It starts a middleware server that:
Formats the payload if needed (for example, wraps it in JSON)
Creates a WebSocket connection to the actual target, receives the response and extracts any token if needed
Sends the SQLi payload and receives the output from the WebSocket
Displays the output as the response
Start the server, then run SQLMap against the port set in the script.
More information at https://rayhan0x01.github.io/ctf/2021/04/02/blind-sqli-over-websocket-automation.html
SQLmap Cheatsheet
Hacktricks: https://book.hacktricks.xyz/pentesting-web/sql-injection/sqlmap
Login forms
Techniques and tools used to bypass login forms using SQL Injection. The wordlist can be found here. It is taken from HackTricks.
SQL Login Bypass
NoSQL Login Bypass
Using wfuzz
The keyword FUZZ is used to determine the parameter that will be used.
Useful options
-H: Used to set a custom header
--hc/hl/hw/hh: Hide responses with the specified code/lines/words/chars
--sc/sl/sw/sh: Show responses with the specified code/lines/words/chars
-d: Request data
Using ffuf
Useful options
-H: Used to set a custom header
-d: Request data
Using SQLmap
Load a file with the -r option.
Json injection
Replace content-type:
Content-Type: application/json
Send a JSON payload: https://book.hacktricks.xyz/pentesting-web/nosql-injection#basic-authentication-bypass
Any forms
Json injection
JSON Injection: https://lisandre.com/archives/2286