Home » Writeups » Security Trainings » PortSwigger » SQL Injection (SQLi)

SQL Injection Cheatsheet

Notes for SQL injection cheatsheet and other things

September 1, 2024 · 1 min · qvinhprolol

Table of Contents

SQL Cheatsheet
Using fuzz list in Intruder for initial testing

SQL Cheatsheet

SQL injection cheat sheet
sqlmap cheatsheet
Remember that URL encoding is NECESSARY!

Using fuzz list in Intruder for initial testing

Put parameter to intruder, select Fuzzing - SQL Injection

Add parameters to Intruder

Add regex to replace placeholders {base} and {domain} with the base value of payload position and Burp Collaborator. Java regex quirk: { has special meaning, so matching {base} needs regex: (\{base})

Add to payload processing