Professional Documents
Culture Documents
Section1 Assignment4 DumpTable
Section1 Assignment4 DumpTable
c o m s ki
Exdeertm
b o r
e i t h Sam
y of K
Advanced
Perso n a l p ropSQL
l_my6
9@ yah Injection
o om
o.c
Dump tables
Copyright © Exdemy.com
Dump Users table using SQL Injection
● Dump (i.e. download all the records of) the Users table in SQLi Labs
y . c o m s ki
Exdeertm
b o r
e i t h Sam
y of K
n a l p rop yah oo.com
Perso l_my6
9@
Copyright © Exdemy.com
Dump Users table using SQL Injection - Solution
● For dumping data, we need to use a MySQL function called group_concat to
concatenate all the result
y. c
mothis: o m r s ki
Exdeerlike
○ Then the vulnerable app shows it in the output b o
e i t h Sam
● So the injected query will something ty f K
○ n a l p rop
UNION SELECT 1, .., group_concat(Column1, ya hom
0x3a, .c
ooColumn2, ..) from TABLE
P e r so m y 6 9@
■ 0x3a is as same as colon l_
● Here you can see how we dump users table using SQL Injection:
Copyright © Exdemy.com
y . c o m s ki
Exdeertm
b o r
e i t h Sam
y of K
n a l p rop yah oo.com
Perso l_my6
9@
Copyright © Exdemy.com