Questions about this topic? Sign up to ask in the talk tab.

SQL injection/Target Environments/Mapping/MySQL

From NetSec
Revision as of 02:08, 19 July 2012 by LashawnSeccombe (Talk | contribs)

Jump to: navigation, search
SQL injection > Target Environments > Mapping > MySQL


When outside of the C SQL API, access the data structure via the information_schema database.

  • Show Databases equivalent:
SELECT schema_name FROM information_schema.schemata;
  • Show tables equivalent:
SELECT TABLE_NAME FROM information_schema.tables WHERE table_schema=[database_name]
  • Show fields equivalent:
SELECT column_name FROM information_schema.columns WHERE TABLE_NAME=[TABLE_NAME] AND table_schema=[database_name]

If the currently selected database is the only accessible database in the context of the vulnerable query, time can be saved by using the database() function or @@database environment variables, e.g. where table_schema = database() or where table_schema = @@database.

Currently viewing SQL injection > Target Environments > Mapping > MySQL
Retrieved from "http://nets.ec/index.php?title=SQL_injection/Target_Environments/Mapping/MySQL&oldid=8148"