Burp Suite Certified Practitioner

Here I collect some tips and tricks that I found helpful during my preparation for the BSCP Cert.

It is meant as an addition to the official cheat sheets provided by PortSwigger.

SQL Injection

Dump table names via `UNION` (only one string column required)

| Database Engine | Code |
| --- | --- |
| Oracle | `SELECT table_name FROM all_tables`<br>`SELECT column_name FROM all_tab_columns WHERE table_name = 'TABLE-NAME-HERE'` |
| MS / PSQL / MySQL | `SELECT table_name FROM information_schema.tables`<br>`SELECT column_name FROM information_schema.columns WHERE table_name = 'TABLE-NAME-HERE'` |
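
From the defender's side, the catalog views listed above are a useful detection signal in web access logs. The following is an added example, not part of the original notes: it flags request lines that reference those views and reports which engine family the view indicates. The log lines, paths and parameter names are constructed, and the verdict labels are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Catalog views from the table above, mapped to the engine family they indicate.
CATALOG_VIEWS = {
    "all_tables": "Oracle",
    "all_tab_columns": "Oracle",
    "information_schema.tables": "MS / PSQL / MySQL",
    "information_schema.columns": "MS / PSQL / MySQL",
}
CATALOG_RE = re.compile(
    r"\b(all_tables|all_tab_columns|information_schema\s*\.\s*(?:tables|columns))\b",
    re.IGNORECASE,
)
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE)


def classify(request_line):
    """Return (verdict, engine_family) for one access-log request line."""
    # URL-decode and collapse whitespace so encoded requests match the patterns.
    text = re.sub(r"\s+", " ", unquote_plus(request_line))
    catalog = CATALOG_RE.search(text)
    engine = None
    if catalog:
        name = re.sub(r"\s+", "", catalog.group(1)).lower()
        engine = CATALOG_VIEWS[name]
    if catalog and UNION_RE.search(text):
        return ("schema-enumeration", engine)
    if catalog:
        # Catalog name without UNION SELECT (e.g. a docs search): lower severity.
        return ("catalog-reference", engine)
    return ("clean", None)


# Constructed sample request lines (hypothetical paths and parameters).
SAMPLE_LOG = [
    "GET /filter?category=Gifts HTTP/1.1",
    "GET /filter?category=%27+UNION+SELECT+table_name+FROM+information_schema.tables-- HTTP/1.1",
    "GET /filter?category=%27+union+select+column_name+from+ALL_TAB_COLUMNS-- HTTP/1.1",
    "GET /search?q=information_schema.columns+documentation HTTP/1.1",
]


def scan(lines):
    """Return (line_number, verdict, engine_family) for every non-clean line."""
    results = [(n, *classify(line)) for n, line in enumerate(lines, start=1)]
    return [hit for hit in results if hit[1] != "clean"]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Splitting "catalog-reference" from "schema-enumeration" keeps legitimate traffic that merely mentions a catalog view out of the high-severity queue.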