MySQL Introduction
This section provides a comprehensive collection of SQL injection techniques specific to MySQL databases. The techniques are organized into the following categories:
Basics
Fundamental concepts and techniques for MySQL injection:
- Comment Out Query - Using MySQL comment syntax to modify queries
- Testing Injection - Methods to verify if a MySQL injection point exists
- Constants - Working with MySQL constants in injection scenarios
- Operators - Leveraging MySQL operators for injection
- Default Databases - Understanding and targeting MySQL’s default databases
Information Gathering
Techniques to extract information from MySQL databases:
- Testing Version - Methods to determine MySQL version
- Database Names - Retrieving available database names
- Server Hostname - Obtaining the MySQL server hostname
- Server MAC Address - Extracting MAC address information
- Tables and Columns - Discovering table and column names
- Database Credentials - Techniques to extract MySQL credentials
Injection Techniques
Advanced methods for exploiting MySQL injection vulnerabilities:
- Avoiding Quotations - Bypassing quote filters
- String Concatenation - Techniques to concatenate strings in MySQL
- Conditional Statements - Using IF and CASE statements for advanced injections
- Stacked Queries - Executing multiple statements in one injection
- MySQL-Specific Code - Exploiting unique MySQL functions and features
- Timing - Time-based blind injection methods
- Fuzzing/Obfuscation - Techniques to bypass WAFs and filters
Advanced Techniques
Sophisticated attacks for extracting data and gaining system access:
- Privileges - Determining and exploiting user privileges
- Reading Files - Techniques to read files from the server filesystem
- Writing Files - Methods to write files to the server
- Out-of-Band Channeling - Extracting data via alternative channels
- Password Hashing - Understanding and exploiting MySQL password storage
- Password Cracking - Techniques to recover passwords from hashes