MySQL - SQL Injection

Archive of Heavy Query MySQL Oracle SQL Server System Table

MySQL and SQL injection.

Time-Based Blind SQL Injection using Heavy Query
Posted in Blind SQL Injection
Using heavy queries instead of time delays. For different reasons, it might happen that it is impossible to use time delay functions or procedures in order to achieve a classic time delay injection. In these situations, the best option is to...
Continue reading this entry →
Estimating MySQL Table Size using SQL Injection
Posted in Blind SQL Injection
Injecting short time delays in WHERE clause. In some cases, the attacker might want to have a rough idea about the number of records in a table. This is not a crucial piece of information, however it could be helpful to know how much time will be...
Continue reading this entry →
Find Table Names for SQL Injection
Posted in Gathering Information
Extracting table names to achieve SQL injection. Before building a query to extract sensitive information, the attacker must know what data he wants to extract and where it is stored in the database. This article explains how to show table names. To simplify learning, we suppose that...
Continue reading this entry →
Find Column Names for SQL Injection
Posted in Gathering Information
Extracting column names for a given table. Once the attacker knows table names he needs to find out what the column names are in order to extract information. This article explains how this information can be found using meta data...
Continue reading this entry →
System Tables for SQL Injection
Posted in SQL Injection Resources
The system tables of the most popular DBMS. You will find below a complete list of system tables for the most popular database management systems. This list also contain specific information related to SQL injection. This reference is subject to modifications in a near future. It will include...
Continue reading this entry →
Minimal SELECT Structure
Posted in Notes
Simplifying SELECT statements. It is pretty hard to create a valid query when almost no information about the database or the query is known. This can also make testing pretty difficult. Fortunately, some database management systems support minimal query structures and it is...
Continue reading this entry →
Implicit Numeric Conversion in SQL
Posted in Notes
Numeric values between quotes.. Some database management systems support SQL syntax where numeric values are enclosed between quotes. As I know, only MySQL and SQL Server support this particular syntax. Let’s start with a quick example. It is important to mention here that the...
Continue reading this entry →
mysql_real_escape_string SQL injection
Posted in PHP
Understanding how to safely use mysql_real_escape_string function. PHP provides mysql_real_escape_string() to escape special characters in a string before sending a query to MySQL. This function was adopted by many to escape single quotes in strings and by the same occasion prevent SQL injection attacks. However, it can create...
Continue reading this entry →

GET THE BOOK!

Recent Articles

Archive of Heavy Query MySQL Oracle SQL Server System Table

Time-Based Blind SQL Injection using Heavy Query

Estimating MySQL Table Size using SQL Injection

Find Table Names for SQL Injection

Find Column Names for SQL Injection

System Tables for SQL Injection

Minimal SELECT Structure

Implicit Numeric Conversion in SQL

mysql_real_escape_string SQL injection

About

Main Sections

Disclamer