Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "SQL injection/Target Environments/Mapping/MySQL"

From NetSec
Jump to: navigation, search
 
(9 intermediate revisions by one other user not shown)
Line 1: Line 1:
<noinclude>[[SQL injection]] > [[SQL injection/Target Environments|Target Environments]] > [[SQL injection/Target Environments/Mapping]] > MySQL</noinclude>
+
<noinclude>{{path|[[SQL injection]] > [[SQL injection/Target Environments|Target Environments]] > [[SQL injection/Target Environments/Mapping|Mapping]] > MySQL}}</noinclude>
 +
 
 
When outside of the [[C]] [[SQL]] [[API]], access the data structure via the information_schema database.
 
When outside of the [[C]] [[SQL]] [[API]], access the data structure via the information_schema database.
  
Line 14: Line 15:
 
{{code|text=<source lang="sql">select column_name from information_schema.columns where table_name=[table_name] and table_schema=[database_name]</source>}}
 
{{code|text=<source lang="sql">select column_name from information_schema.columns where table_name=[table_name] and table_schema=[database_name]</source>}}
  
If the currently selected database is the only accessible database in the context of the [[vulnerable]] query, time can be saved by using the database() function or @@database environment variables, e.g. '''where table_schema &#x3d; database()''' or '''where table_schema &#x3d; @@database'''.
+
If the currently selected database is the only accessible database in the context of the [[vulnerability|vulnerable]] query, time can be saved by using the database() function or @@database environment variables, e.g. '''where table_schema &#x3d; database()''' or '''where table_schema &#x3d; @@database'''.

Latest revision as of 06:58, 19 July 2012

SQL injection > Target Environments > Mapping > MySQL

When outside of the C SQL API, access the data structure via the information_schema database.

  • Show Databases equivalent:
SELECT schema_name FROM information_schema.schemata;
  • Show tables equivalent:
SELECT TABLE_NAME FROM information_schema.tables WHERE table_schema=[database_name]
  • Show fields equivalent:
SELECT column_name FROM information_schema.columns WHERE TABLE_NAME=[TABLE_NAME] AND table_schema=[database_name]

If the currently selected database is the only accessible database in the context of the vulnerable query, time can be saved by using the database() function or @@database environment variables, e.g. where table_schema = database() or where table_schema = @@database.