This wiki's mission is to be a one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems (DBMS). This wiki assumes you have a basic understanding of SQL injection, please go here for an introduction if you are unfamiliar.

Below is an outline of the wiki's structure, laid out in the order of a normal escalation path. Certain queries may be version specific.

Step 1: Injection Detection

Step 2: DBMS Identification

Step 3: Injection Types

Step 4: Injection Techniques

Step 5: Attack Queries


Please feel free to submit pull requests or issues on our Github if you notice something that is missing or inaccurate.

© 2017 Copyright by NetSPI. All rights reserved.