I suppose you have already read this.
When I was writing the post “SQL injections” I mentioned that I didn’t know some MsSQL reserved words. This time I have some cheatsheets mostly from darkc0de but you can find everything on the web too. Remember “A dumb asks questions, a smart asks google first” 🙂
This post raises a question, actually the million-dollar question: why should I have a cheatsheet when I can use sqlmap (which is pretty good), for example? There are cases where tools just don’t work, and no matter how good a tool is, the best tool available is the brain. Also, we must make sure that a web app is vulnerable to SQLi, so we need something more. And when it comes to blind SQL injections, where you execute queries with a time delay in order to get some info about the query structure or how the query works, etc., try on your own first, then attack with a tool. On top of that, I want to understand as much as possible before I start using automated tools.
Download the file from here
This file comes from darkc0de.com.
Scan it for malware; this is a wise idea.
Also, inside there is no executable file.
If you find any malware or any executable, leave a comment 😀
Yes, I am psychotic when it comes to security.
Finally, darkc0de had a huge arsenal of exploits, tutorials and things like that. If you find anyone having a backup of this arsenal, grab it and take a look.
By the way, the best book I’ve found about SQL injections is SQL injections, Attack and defense.