Edit

SQL Injection

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

How to start

  1. Study SQL

  2. http://www.amazon.com/SQL-Injection-Attacks-Defense-Second/dp/1597499633/

  3. https://portswigger.net/web-security/all-labs

  4. https://www.youtube.com/watch?v=du-jkS6-sbo&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro

  5. https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

  6. https://github.com/Audi-1/sqli-labs

  7. https://rails-sqli.org/

  8. https://www.youtube.com/watch?v=VIkVqvo97Hk

  9. https://www.youtube.com/watch?v=SEuyruffJTw

LogoA Comprehensive Guide to Manually Hunting SQL Injection in MSSQL, MySQL, Oracle, and NoSQL (MongoDB)nav1n0x.gitbook.io

Methodology

Time Based SQLi Payloads

Top SQLI reports from HackerOne:

  1. SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database to Starbucks - 743 upvotes, $0

  2. SQL injection in https://labs.data.gov/dashboard/datagov/csv_to_json via User-agent to GSA Bounty - 671 upvotes, $0

  3. Time-Based SQL injection at city-mobil.ru to Mail.ru - 625 upvotes, $15000

  4. SQL injection at https://sea-web.gold.razer.com/ajax-get-status.php via txid parameter to Razer - 580 upvotes, $2000

  5. SQL Injection in https://api-my.pay.razer.com/inviteFriend/getInviteHistoryLog to Razer - 528 upvotes, $2000

  6. SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution to QIWI - 469 upvotes, $0

  7. Blind SQL Injection to InnoGames - 432 upvotes, $2000

  8. SQL injection at fleet.city-mobil.ru to Mail.ru - 370 upvotes, $10000

  9. SQL Injection in report_xml.php through countryFilter[] parameter to Valve - 348 upvotes, $25000

  10. [windows10.hi-tech.mail.ru] Blind SQL Injection to Mail.ru - 329 upvotes, $5000

  11. SQL Injection on cookie parameter to MTN Group - 303 upvotes, $0

  12. [www.zomato.com] SQLi - /php/██████████ - item_id to Zomato - 289 upvotes, $4500

  13. SQL Injection at https://sea-web.gold.razer.com/lab/cash-card-incomplete-translog-resend via period-hour Parameter to Razer - 240 upvotes, $2000

  14. [api.easy2pay.co] SQL Injection at fortumo via TransID parameter [Bypassing Signature Validation🔥] to Razer - 232 upvotes, $4000

  15. Boolean-based SQL Injection on relap.io to Mail.ru - 227 upvotes, $0

  16. Blind SQL Injection in city-mobil.ru domain to Mail.ru - 224 upvotes, $2000

  17. SQL Injection in agent-manager to Acronis - 223 upvotes, $0

  18. Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice to Starbucks - 218 upvotes, $0

  19. SQL Injection in www.hyperpure.com to Zomato - 211 upvotes, $2000

  20. Blind SQL injection and making any profile comments from any users to disappear using "like" function (2 in 1 issues) to Pornhub - 210 upvotes, $0

  21. Blind SQL Injection on starbucks.com.gt and WAF Bypass :* to Starbucks - 202 upvotes, $0

  22. Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete" to QIWI - 194 upvotes, $0

  23. SQLi at https://sea-web.gold.razer.com/demo-th/purchase-result.php via orderid Parameter to Razer - 183 upvotes, $2000

  24. Blind SQL injection in Hall of Fap to Pornhub - 179 upvotes, $0

  25. www.drivegrab.com SQL injection to Grab - 175 upvotes, $4500

  26. Sql injection on docs.atavist.com to Automattic - 158 upvotes, $0

  27. SQL Injection [unauthenticated] with direct output at https://news.mail.ru/ to Mail.ru - 155 upvotes, $7500

  28. bypass sql injection #1109311 to Acronis - 150 upvotes, $0

  29. SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter to HackerOne - 147 upvotes, $0

  30. SQL Injection Union Based to Automattic - 123 upvotes, $0

PreviousSession FixationNextSQL To RCE

Last updated

Was this helpful?