Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "SQL injection/Target Environments/Mapping/MySQL"
From NetSec
| Line 1: | Line 1: | ||
| − | :<font size="-2">[[SQL injection]] > [[SQL injection/Target Environments|Target Environments]] > [[SQL injection/Target Environments/Mapping|Mapping]] > MySQL</font> | + | <noinclude>:<font size="-2">[[SQL injection]] > [[SQL injection/Target Environments|Target Environments]] > [[SQL injection/Target Environments/Mapping|Mapping]] > MySQL</font></noinclude> |
When outside of the [[C]] [[SQL]] [[API]], access the data structure via the information_schema database. | When outside of the [[C]] [[SQL]] [[API]], access the data structure via the information_schema database. | ||
| Line 16: | Line 16: | ||
If the currently selected database is the only accessible database in the context of the [[vulnerability|vulnerable]] query, time can be saved by using the database() function or @@database environment variables, e.g. '''where table_schema = database()''' or '''where table_schema = @@database'''. | If the currently selected database is the only accessible database in the context of the [[vulnerability|vulnerable]] query, time can be saved by using the database() function or @@database environment variables, e.g. '''where table_schema = database()''' or '''where table_schema = @@database'''. | ||
| + | |||
| + | |||
<noinclude><div style="padding-top:5px; padding-bottom:5px; border-top:1px solid; border-bottom:1px solid; display:inline-block;">'''Currently viewing''' [[SQL injection]] > [[SQL injection/Target Environments|Target Environments]] > [[SQL injection/Target Environments/Mapping|Mapping]] > MySQL</div></noinclude> | <noinclude><div style="padding-top:5px; padding-bottom:5px; border-top:1px solid; border-bottom:1px solid; display:inline-block;">'''Currently viewing''' [[SQL injection]] > [[SQL injection/Target Environments|Target Environments]] > [[SQL injection/Target Environments/Mapping|Mapping]] > MySQL</div></noinclude> | ||
Revision as of 02:10, 19 July 2012
- SQL injection > Target Environments > Mapping > MySQL
When outside of the C SQL API, access the data structure via the information_schema database.
- Show Databases equivalent:
SELECT schema_name FROM information_schema.schemata; |
- Show tables equivalent:
SELECT TABLE_NAME FROM information_schema.tables WHERE table_schema=[database_name] |
- Show fields equivalent:
SELECT column_name FROM information_schema.columns WHERE TABLE_NAME=[TABLE_NAME] AND table_schema=[database_name] |
If the currently selected database is the only accessible database in the context of the vulnerable query, time can be saved by using the database() function or @@database environment variables, e.g. where table_schema = database() or where table_schema = @@database.
