User Tools

Site Tools


hacking:sql_injection:mysql:union_injections

Hacking - SQL Injection - MySQL - Union Injections

With union you do SQL queries cross-table.

Basically you can poison query to return records from another table.

SELECT header, txt FROM news UNION ALL SELECT name, pass FROM members 

This will combine results from both news table and members table and return all of them.

Another Example:

' UNION SELECT 1, 'anotheruser', 'doesnt matter', 1--

UNION – Fixing Language Issues

While exploiting Union injections sometimes you get errors because of different language settings (table settings, field settings, combined table / db settings etc.) these functions are quite useful to fix this problem.

It's rare but if you dealing with Japanese, Russian, Turkish etc. applications then you will see it.

For every possible issue:

Hex() 

UNION - convert() errors before union target errors

So start with convert() then union:

Simple Insert:

'; insert into users values( 1, 'hax0r', 'coolpass', 9 )/*

hacking/sql_injection/mysql/union_injections.txt · Last modified: 2020/07/15 09:30 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki