[英]SQL injection query for enumerating available tables in databases
We have an exercise and are struggling to come up with a sql injection to find more data from the database in mySQL.我们有一个练习,正在努力想出一个 sql 注入,从 mySQL 的数据库中找到更多的数据。
Here is how far we have got: mySQL webpage result这是我们得到的结果: mySQL 网页结果
In the above picture you can see we have managed to get the database to divulge the userid, user and passwd values.在上图中,您可以看到我们已经设法让数据库泄露用户标识、用户和密码值。
To achieve this we have typed: admin' --
in the login box为此,我们在登录框中输入:
admin' --
Then: ' union select table_name from information_schema.tables --
in the password box Then:
' union select table_name from information_schema.tables --
在密码框中
However, this is not the entire goal of the exercise.然而,这并不是演习的全部目标。 We must discover the databases and tables that are available.
我们必须发现可用的数据库和表。 We are unsure why the response is not taking into account our query
union select table_name from information_schema.tables
.我们不确定为什么响应没有考虑我们
union select table_name from information_schema.tables
。
Here is an example of what the response is if nothing is typed in either login or password box: default mySQL webpage以下是在登录或密码框中未输入任何内容时的响应示例:默认 mySQL 网页
Our tasks:我们的任务:
Could someone point us in the right direction?有人能指出我们正确的方向吗?
Why isnt our select table_name from information_schema.tables
working?为什么 information_schema.tables 中的
select table_name from information_schema.tables
工作?
UPDATE: we managed to get 238 rows returned after restructuring our initial query in the first login box to:更新:在将第一个登录框中的初始查询重组为:
admin’ union select table_name,2,3 from information_schema.tables -- -
The fix: the amount of columns have to match between first select query and union select query.修复:第一个 select 查询和联合 select 查询之间的列数必须匹配。
You'll probably have to put the entire injection in the username box.您可能必须将整个注入放在用户名框中。 At the moment the
--
after the admin'
in the login input is commenting the rest of the query.目前
--
在登录输入中的“ admin'
之后,正在评论查询的 rest。
ie The login box should contain admin' UNION SELECT table_name FROM information_schema.tables --
即登录框应该包含
admin' UNION SELECT table_name FROM information_schema.tables --
You may need to select padding columns from information_schema.tables
as there is no way to tell how many columns the users
table has.您可能需要 select 填充来自
information_schema.tables
的列,因为无法判断users
表有多少列。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.