Security Basics mailing list archives
Re: Table enumeration in mysql injection
From: Mert Eren ÜSTÜNKAYA <mustunkaya () cepdunyasi com>
Date: Fri, 4 Mar 2005 10:37:35 +0200
A nice and easy document on how to get table names and injection process ... http://www.tgs-security.com/tutorials/advsqlinj.txt----- Original Message ----- From: "Matt Gibson" <MattG () blueedgetech ca>
To: <security-basics () securityfocus com> Sent: Thursday, March 03, 2005 9:40 AM Subject: Table enumeration in mysql injection Hi everyone! Working on some SQL injection to hone my skills, but I'm coming up against a problem early on. I'm working on a mysql database, and it seems I can directly inject into the url. However, since I don't know the name of the table I'm on, I don't seem to be able to extract any information from it. How does one go about determining the current table, or even a list of all tables in the database? Thanks! -Matt
Current thread:
- Table enumeration in mysql injection Matt Gibson (Mar 03)
- Re: Table enumeration in mysql injection Mert Eren ÜSTÜNKAYA (Mar 04)
- <Possible follow-ups>
- RE: Table enumeration in mysql injection Matt Gibson (Mar 04)