Difference between revisions of "SQL injection/Target Environments/Mapping/MySQL"

Revision as of 01:21, 19 July 2012

back to SQL injection

When outside of the C SQL API, access the data structure via the information_schema database.

Show Databases equivalent:

SELECT schema_name FROM information_schema.schemata;

Show tables equivalent:

SELECT TABLE_NAME FROM information_schema.tables WHERE table_schema=[database_name]

Show fields equivalent:

SELECT column_name FROM information_schema.columns WHERE TABLE_NAME=[TABLE_NAME] AND table_schema=[database_name]

If the currently selected database is the only accessible database in the context of the vulnerable query, time can be saved by using the database() function or @@database environment variables, e.g. where table_schema = database() or where table_schema = @@database.

Difference between revisions of "SQL injection/Target Environments/Mapping/MySQL"

Revision as of 01:21, 19 July 2012

Navigation menu

Views

Personal tools

Wiki

Community

Search

Tools

Revision as of 00:08, 19 July 2012 (view source) LashawnSeccombe (Talk \| contribs) (Created page with "<noinclude>{{subpage\|SQL injection}}</noinclude> When outside of the C SQL API, access the data structure via the information_schema database. * <i>'''Show Databases...")	Revision as of 01:21, 19 July 2012 (view source) LashawnSeccombe (Talk \| contribs) m (moved SQL injection/Potential target environments/Navigating unfamiliar databases without the C API/MySQL database mapping to SQL injection/Target Environments/Mapping/MySQL) Newer edit →
(No difference)