SQL Injection Cheatsheet

2024-09-01

#PortSwigger #SQL Injection #Cheatsheet

SQL Cheatsheet#

SQL injection cheat sheet
sqlmap cheatsheet
Remember that URL encoding is NECESSARY!

Using fuzz list in Intruder for initial testing#

Put parameter to intruder, select Fuzzing - SQL Injection

Add parameters to Intruder

Add regex to replace placeholders {base} and {domain} with the base value of payload position and Burp Collaborator. Java regex quirk: { has special meaning, so matching {base} needs regex: (\{base})

Add to payload processing