SELECT table_schema, table_name FROM information_schema. SELECT table_schema,table_name FROM information_schema.tables WHERE table_schema != ‘mysql’ AND table_schema != ‘information_schema’ SELECT table_schema, table_name, column_name FROM information_lumns WHERE table_schema != ‘mysql’ AND table_schema != ‘information_schema’ SELECT schema_name FROM information_schema.schemata - for MySQL >= v5.0 SELECT grantee, privilege_type, is_grantable FROM information_er_privileges WHERE privilege_type = ‘SUPER’ SELECT host, user FROM er WHERE Super_priv = ‘Y’ # priv SELECT grantee, privilege_type, is_grantable FROM information_er_privileges - list user privsSELECT host, user, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv, Index_priv, Alter_priv, Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv, Execute_priv, Repl_slave_priv, Repl_client_priv FROM er - priv, list user privsSELECT grantee, table_schema, privilege_type FROM information_schema.schema_privileges - list privs on databases (schemas)SELECT table_schema, table_name, column_name, privilege_type FROM information_lumn_privileges - list privs on columns SELECT tablename SET Marks 85 WHERE FirstName ‘Andy’. Note 2: Full list of SQLite commands are here. Data can be updated in the table using UPDATE DML statement: SELECT tablename SET colname1 value1, colname2 value2. are SQLite commands and the one without that are the regular SQLs. ![]() sqlite> alter table department rename to dept 5. John the Ripper will crack MySQL password hashes. Note: To distinguish between the regular SQL and SQLite commands, we can take a note at the. The following example renames department table to dept using the alter table command. SELECT host, user, password FROM er - priv These are marked with “– priv” at the end of the query. ![]() Some of the queries in the table below can only be run by an admin. I’m not planning to write one for MS Access, but there’s a great MS Access Cheat Sheet here. The complete list of SQL Injection Cheat Sheets I’m working is: This helps to highlight any features which are lacking for each database, and enumeration techniques that don’t apply and also areas that I haven’t got round to researching yet. In this series, I’ve endevoured to tabulate the data to make it easier to read and to use the same table for for each database backend. This post is part of a series of SQL Injection Cheat Sheets. Some useful syntax reminders for SQL Injection into MySQL databases…
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |