- Sql Injection Cheat Sheet Pdf
- Oracle Sql Injection Cheat Sheet
- Json Sql Injection Cheat Sheet Examples
- Sql Injection Cheat Sheet Owasp
SQL Injection (POST/Select), SQL Injection (AJAX/JSON/jQuery), SQL Injection (CAPTCHA), SQL Injection (Login Form/Hero), SQL Injection (Login Form/User), SQL Injection (SQLite), SQL Injection (Drupal), SQL Injection - Stored (Blog), SQL Injection - Stored (SQLite), SQL Injection - Stored (User-Agent), SQL Injection - Stored (XML), SQL Injection - Blind.

SELECT 'portal' user FROM activetab tab0 WHERE (TRUE) AND ((TA0.grpid) = 'sqlgrp1')

The aggregates key in JSON corresponds to the columns section of the SQL statement and the filters corresponds to the condition. This does fetch some data from the DB, but it only returns data from my group.

SQL Injection (Login Form/Hero): ok' or 1=1-
SQL Injection (SQLite): a%' UNION ALL SELECT 1,sqliteversion,1,1,1,1; -
SQL Injection - Stored (Blog): Be sure to add a space after the - for this one, otherwise the injection will not work. Asdf',(SELECT database ))- To begin enumerating tables.
This post is a reference of my examples for processing JSON data in SQL Server. For more detailed explanations of these functions, please see my post series on JSON in SQL Server 2016:
Additionally, the complete reference for SQL JSON handling can be found at MSDN: https://msdn.microsoft.com/en-us/library/dn921897.aspx
Parsing JSON
Getting string JSON data into a SQL readable form.
ISJSON()
Checks to see if the input string is valid JSON.
JSON_VALUE()

Extracts a specific scalar string value from a JSON string using JSON path expressions.
Strict vs. Lax mode
Determines whether the function returns NULL (lax mode) or raises an error (strict mode) when the JSON path cannot be found.
JSON_QUERY()
Returns a JSON fragment for the specified JSON path.
This is useful to help filter an array and then extract values with JSON_VALUE():
OPENJSON()

Returns a SQL result set for the specified JSON path. The result set includes columns identifying the datatypes of the parsed data.
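The parsing functions above, applied to one untrusted document, as an added example (not code from the original post). The sample JSON and all column aliases are constructed, and the script assumes SQL Server 2016 or later with database compatibility level 130 or higher, which OPENJSON requires.

```sql
-- Constructed sample input; treat it as untrusted text from a client.
DECLARE @doc nvarchar(max) = N'{
  "user": "alice",
  "roles": ["reader", "auditor"],
  "logins": [
    {"ip": "192.0.2.10", "ok": true},
    {"ip": "198.51.100.7", "ok": false}
  ]
}';

-- ISJSON() returns NULL for NULL input, so map that to "invalid" as well.
IF ISNULL(ISJSON(@doc), 0) = 0
    THROW 50000, N'Input is not valid JSON.', 1;

-- Lax mode (the default): a missing path, or a path that points at an
-- array or object instead of a scalar, yields NULL from JSON_VALUE().
SELECT JSON_VALUE(@doc, '$.user')  AS user_name,
       JSON_VALUE(@doc, '$.email') AS missing_property,
       JSON_VALUE(@doc, '$.roles') AS non_scalar,
       JSON_QUERY(@doc, '$.roles') AS roles_fragment,
       -- JSON_QUERY() narrows to one array element, JSON_VALUE() reads from it.
       JSON_VALUE(JSON_QUERY(@doc, '$.logins[1]'), '$.ip') AS second_login_ip;

-- Strict mode: the same missing path raises an error, so a required field
-- cannot silently become NULL.
BEGIN TRY
    SELECT JSON_VALUE(@doc, 'strict $.email') AS required_email;
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;

-- OPENJSON() with the default schema: one row per top-level property,
-- with [type] identifying the JSON data type of each value.
SELECT [key], [value], [type]
FROM OPENJSON(@doc);

-- OPENJSON() with an explicit schema: typed columns, and a strict path so
-- an element without "ip" fails the query.
SELECT ip, ok
FROM OPENJSON(@doc, '$.logins')
     WITH (ip varchar(45) 'strict $.ip',
           ok bit         '$.ok');
```

Values extracted this way are data: pass them to later statements as variables or parameters, not by concatenating them into SQL text.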
Creating JSON
Creating JSON data from either strings or result sets.

FOR JSON AUTO
Automatically creates a JSON string from a SELECT statement. Quick and dirty.
FOR JSON PATH
Formats a SQL query into a JSON string, allowing the user to define structure and formatting.
Modifying JSON
Updating, adding to, and deleting from JSON data.
JSON_MODIFY()
Allows the user to update properties and values, add properties and values, and delete properties and values (the delete is unintuitive, see below).
Modify:
Add:

Delete property:
Delete from array (this is not intuitive, see my Microsoft Connect item to fix this: https://connect.microsoft.com/SQLServer/feedback/details/3120404/sql-modify-json-null-delete-is-not-consistent-between-properties-and-arrays )
SQL JSON Performance Tuning
SQL JSON functions are already fast. Adding computed columns and indexes makes them extremely fast.
Computed Column JSON Indexes
JSON indexes are simply regular indexes on computed columns.
Add a computed column:
Add an index to our computed column:
Performance test:
