I was wondering if anyone had any resources for mapping SQLi payloads to databases. I’m curious as to whether there are any resources which list characters to use for SQLi for specific database types. I was hoping there would be some go-to resource for SQLi like GTFOBins is for SUID and sudo.
Any suggestions would be greatly appreciated.
This resource ain’t too bad… Still not as comprehensive as I’d like, but it is just a pretty huge topic.
On a more practical side, the portswigger labs are pretty decent as well, but you can hardly call them a complete overview.
I think I understand what you are looking for, and you’d think it would exist indeed… but I’ve never really seen one big summary that I felt was more or less towards ‘somewhat complete’.
Most of them are fragmented, overly simplified rechewed material or specific to a single database.
Or you get huge lists of payloads whose validity is near impossible to verify.
If anyone does know of a more complete resource, I’d be very interested as well.
sqlmap’s payloads are a pretty good resource in themselves as well:
Thanks, seems like a good link!
GTFOBins is actually a cheat sheet; you can find many SQL injection cheat sheets on Google. The rest is WAF bypass techniques, mostly achieved with product functions.