Web Hacking
be printed out from the database. Before the UNION statement, we have used “1=0” to prevent the values of the first part of the query (the left-hand side of the UNION) from being displayed on screen.
Now we can print the data in all six columns, as can be seen from this screenshot. This is a highly unusual case; in most cases, you would be able to print the data of only a few columns.
Fingerprinting the Database
The next step would be to fingerprint the database, enumerating things such as the database name and database version. We can use “version()”, “user()”, “database()”, and other built-in functions to enumerate the database.
Syntax
http://localhost/index.php?support=yes' and 1=0 UNION all select 1,version(),user(),database(),5,6--+
In this query, we have replaced the values of columns 2, 3, and 4 with our functions.
Enumeration Information
Version—5.1.41
Db_user—root
Database—Information_schema
As we can see from the information we obtained from the earlier query, the MySQL version is 5.1.41. This is extremely important; you’ll know why when we learn about SQL injection in MySQL database versions <5. The second important piece of information is the db_user, which is root, which means that we have root-level privileges on the database.
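From the defender's side, the fingerprinting request above leaves a recognizable trace in web server access logs. The following detection sketch is an added example, not code from the book; it assumes common/combined log format, and the sample log lines and client addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Indicators taken from the injected query shown on this page.
INDICATORS = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "fingerprint_function": re.compile(r"\b(?:version|user|database)\s*\(\s*\)", re.I),
    "trailing_comment": re.compile(r"(?:--|#)\s*$"),
}
# "and 1=0" style guard: a comparison of two different integer literals.
INT_COMPARE = re.compile(r"\b(?:and|or)\s+(\d+)\s*=\s*(\d+)", re.I)
# Client address and request target from a common/combined-format log line.
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def indicators_in(target):
    """Return the sorted indicator names found in the decoded query parameters."""
    found = set()
    # parse_qsl percent-decodes values and turns "+" into a space.
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for label, pattern in INDICATORS.items():
            if pattern.search(value):
                found.add(label)
        if any(a != b for a, b in INT_COMPARE.findall(value)):
            found.add("always_false_condition")
    return sorted(found)

def scan(lines):
    """Return (client, target, indicators) for requests with two or more indicators."""
    alerts = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue  # not a request line in the assumed format
        client, target = match.groups()
        found = indicators_in(target)
        if len(found) >= 2:  # a single hit alone is too noisy to alert on
            alerts.append((client, target, found))
    return alerts

# Constructed sample log lines (documentation address range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?support=yes HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?support=yes%27+and+1=0'
    '+UNION+all+select+1,version(),user(),database(),5,6--+ HTTP/1.1" 200 734',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /search.php?q=credit+union+locations HTTP/1.1" 200 901',
]

if __name__ == "__main__":
    for client, target, found in scan(SAMPLE_LOG):
        print(client, found)
```

Requiring two indicators keeps a benign search for the word "union" from alerting, while the request from this page trips all four.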