Timeline for MySQL Injection
Current License: CC BY-SA 3.0
8 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Sep 21, 2017 at 18:28 | comment | added | Nate | Duplicate of security.stackexchange.com/questions/169858/… | |
| Sep 16, 2017 at 20:32 | comment | added | John Telley | @SmokeDispenser I know where you are coming from, but I don't think it'll work. Whether we use union or sub-selects, at some point it's necessary to specify table name and since we cannot use any variables without a prepared statement, I don't see a way to bypass the upper case. I was thinking about collations (dev.mysql.com/doc/refman/5.7/en/charset-collate.html) or some modifiers that can force a case insensitive select | |
| Sep 16, 2017 at 18:27 | comment | added | Tobi Nary | Not off the top of my head, but along these lines: dev.mysql.com/doc/refman/5.7/en/derived-tables.html | |
| Sep 16, 2017 at 18:11 | comment | added | John Telley | @SmokeDispenser I've tried a lot of similar stuff without luck. How would I concatenate the name from information_schema to FROM? Can you please provide a working example? | |
| Sep 16, 2017 at 18:08 | comment | added | Tobi Nary | You can extract the actual name from the Schema information, (show tables) and use that in a union select. | |
| Sep 16, 2017 at 17:45 | history | edited | John Telley | CC BY-SA 3.0 |
deleted 3 characters in body
|
| Sep 16, 2017 at 17:16 | review | First posts | |||
| Sep 17, 2017 at 7:22 | |||||
| Sep 16, 2017 at 17:13 | history | asked | John Telley | CC BY-SA 3.0 |