RE: Table enumeration in mysql injection

From: Matt Gibson (MattG_at_blueedgetech.ca)
Date: 03/04/05

    Date: Fri, 4 Mar 2005 10:11:44 -0800
    To: Mert Eren ÜSTÜNKAYA <mustunkaya@cepdunyasi.com>
    
    

    Unless I'm missing something, the only bit in that article to do with finding a table name involves looking through the html/javascript code. I'm looking for a method for finding the name within mysql itself. I realize commands like "show table" exist, but they do not seem to work within the format of the injection.

    -Matt

    -----Original Message-----
    From: Mert Eren ÜSTÜNKAYA [mailto:mustunkaya@cepdunyasi.com]
    Sent: March 4, 2005 12:38 AM
    To: Matt Gibson
    Cc: security-basics@securityfocus.com
    Subject: Re: Table enumeration in mysql injection

    A nice and easy document on how to get table names and injection process ...

    http://www.tgs-security.com/tutorials/advsqlinj.txt

    ----- Original Message -----
    From: "Matt Gibson" <MattG@blueedgetech.ca>
    To: <security-basics@securityfocus.com>
    Sent: Thursday, March 03, 2005 9:40 AM
    Subject: Table enumeration in mysql injection

    Hi everyone!

    Working on some SQL injection to hone my skills, but I'm coming up
    against a problem early on. I'm working on a mysql database, and it
    seems I can directly inject into the url. However, since I don't know
    the name of the table I'm on, I don't seem to be able to extract any
    information from it. How does one go about determining the current
    table, or even a list of all tables in the database?

    Thanks!

    -Matt

