Netsparker Web Application Security Scanner

Understand SQL Injection Better with the SQL Injection Cheat Sheet

Today we are going to learn What is SQL injection and cheat sheet to better understand of it.

On the web page when SQL is used to display data, then most of the time it allow user to enter the search criteria. The SQL queries on written in text format and easy to change in the code based on the entered search criteria by user. SQL injection is a technique used to inject malicious SQL statements to data-driven application for execution. It SQL injection must exploit a security vulnerability in an application’s software

The SQL Injection vulnerability is the most popular web application vulnerability. The reasons why are quite obvious; it can be easily & automatically detected, and exploited. Once exploited, the attackers can gain access to the backend database of a web application.

SQL Injection Cheat Sheet

You can find gazillion of free automated tools that allow you to scan websites for SQL injection vulnerabilities and unfortunately they are used for the wrong reason, to hack websites. As a matter of fact SQL Injection has been the number one vulnerability in all of the OWASP Top 10 since 2007, and was also included in the OWASP top 10 of 2004.

Though do not let such popularity deceive you. Even though the SQL Injection vulnerability is very easy to detect, and very popular, a lot of web applications are still vulnerability to it. Developers still write code that is vulnerable to SQL injection because even though it is popular and easy to identify, it is a very complex vulnerability.

As a penetration tester, if you had to manually check your websites for SQL injection vulnerabilities, do you think you would do a good job? Or if you are a developer, do you think you can develop a web application that is not vulnerable to SQL Injection? It is easy to find out:

  • Do you know the SQL Injection well enough?
  • Do you know about all the different types of SQL injections?
  • Do you know how many different variants of every type there is?
  • Do you know about the all different SQL injection attacks based on the target database server?

SQL Injection is a very complex vulnerability and unless you are familiar with databases, SQL code and web applications it is very difficult to understand. Hence why I would like to recommend to take a look at the SQL Injection cheat sheet from Netsparker. If you’d like to get an overview of the different sections of the SQL Injection cheat sheet, refer to the list below.

  1. Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks
    1. Line Comments
    2. Inline Comments
    3. Stacking Queries
    4. If Statements
    5. Using Integers
    6. String Operations
    7. Strings without Quotes
    8. String Modification & Related
    9. Union Injections
    10. Bypassing Login Screens
    11. Enabling xp_cmdshell in SQL Server 2005
    12. Finding Database Structure in SQL Server
    13. Fast way to extract data from Error Based SQL Injections in SQL Server
    14. Blind SQL Injections
    15. Covering Your Tracks
    16. Extra MySQL Notes
    17. Second Order SQL Injections
    18. Out of Band (OOB) Channel Attacks

Hope this cheat sheet helps you guys to better understand SQL Injection. Have you worked on SQL injection while testing web application, please share your experience in the comments below:

If you are not regular reader of this website then highly recommends you to Sign up for our free email newsletter!! Sign up just providing your email address below:

Enter your email address:

Check email in your inbox for confirmation to get latest updates Software Testing for free.

Happy Testing!!!

5 comments to Understand SQL Injection Better with the SQL Injection Cheat Sheet

  • Ravi

    Thanks STC, liked the information on SQL Injections.

  • Shawn


    Awesome article, I never worked on SQL injection and this is new for me. So today I learned new concept here, keep posting such a wonderful and fresh info for readers like me..


  • Mohit

    I worked on sql injection (unofficially). When I was suppose to test web application then I usually try to enter single quote (‘) in the search criteria text box field and check if it is failing to search or showing an exception.

    Today I come to know that there is not only above case but also many more cases can be executed as a part of SQL injection.

    Thanks and keep posting…
    – Mohit

  • Raghu

    Nice explained concepts here. Thanks

  • Suresh

    I was looking for sql injection few days back and received email about this article. Thanks for website author for publishing.


Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>