SQL INJECTION --- UNION BASED SQL INJECTION INTRODUCTION
This blog is for educational purposes only. Please do not use the skills gained from this blog to harm, attack or even test other sites etc. for which you do not have permission. It is illegal to do so. If you get caught, and mind you (you would), then don't say that you did not know. You have been specially warned.
A few commands that are used in UNION-based SQL injection ---
1. union --
The SQL UNION clause/operator is used to combine the results of two or more SELECT statements without returning any duplicate rows.
2. group_concat() --
syntax -- group_concat(<column_name>)
Concatenates the data from all the rows of a column and puts it in a single row, separated by ','.
3. information_schema --- (it is like an index)
It is a mother database that stores data about data (metadata), such as the list of all tables, the list of all columns, the table a column belongs to, the database a table belongs to, the data type of a column, etc.
4. database() ---
Gets the name of the database presently in use.
5. order by X --
syntax -- order by <column no./name>
Orders the output of a SELECT query in ascending order of the data inside the specified column.
6. limit X,Y ---
LIMIT always counts from 0 and gets 'Y' rows starting from row 'X+1'.
7. user() ---
Gets the MySQL username of the present user.
8. version() ---
Gets the version of MySQL installed.
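The behaviour of union, group_concat, order by and limit described above, run against a small constructed database, as an added example that is not part of the original post. It assumes Python's built-in sqlite3 module in place of MySQL so that it runs offline, which is why information_schema, database(), user() and version() are not shown; the table names, data and function names are hypothetical.

```python
import sqlite3

def build_db():
    # Constructed sample data (hypothetical tables, not from the original post).
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE staff (name TEXT, city TEXT);
        CREATE TABLE customers (name TEXT, city TEXT);
        INSERT INTO staff VALUES ('alice','Pune'),('bob','Delhi'),('carol','Goa');
        INSERT INTO customers VALUES ('bob','Delhi'),('dave','Agra');
    """)
    return conn

def union_rows(conn):
    # UNION merges both result sets and drops the duplicate ('bob','Delhi').
    # ORDER BY 1 sorts by the first output column, ascending by default.
    sql = ("SELECT name, city FROM staff "
           "UNION SELECT name, city FROM customers ORDER BY 1")
    return conn.execute(sql).fetchall()

def union_all_count(conn):
    # UNION ALL keeps duplicates, so the shared row is counted twice.
    sql = ("SELECT count(*) FROM (SELECT name, city FROM staff "
           "UNION ALL SELECT name, city FROM customers)")
    return conn.execute(sql).fetchone()[0]

def names_concat(conn):
    # group_concat folds every row of the column into one ','-separated value.
    return conn.execute("SELECT group_concat(name) FROM staff").fetchone()[0]

def limit_rows(conn):
    # LIMIT 1,2: skip 1 row (offsets count from 0), then return 2 rows.
    sql = "SELECT name FROM staff ORDER BY name LIMIT 1,2"
    return conn.execute(sql).fetchall()

if __name__ == "__main__":
    db = build_db()
    print("UNION        :", union_rows(db))
    print("UNION ALL n  :", union_all_count(db))
    print("group_concat :", names_concat(db))
    print("LIMIT 1,2    :", limit_rows(db))
```
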
TIPS --- useful tables inside information_schema:
- tables --- stores the information about tables.
- columns --- stores the information about columns.
- schemata --- stores the information about databases.