IT Security Lab The Playground for IT Security Specialists and Pentesters

9 Aug 2010

SQL multi-line output in a single line

When we are exploiting SQL injection, the most desired thing is to get as much information as possible in the shortest time. Time matters, gentlemen! So a very typical problem is: how to deal with multi-line output when the space for that output is... well, very often one line or even less? ;) Let's do it together.

Something very basic for the beginning: this query in MS SQL

SELECT name FROM master..sysdatabases

will produce more-or-less the following output:

master
tempdb
model
msdb
test
...

All clear, right? So how can we get the rows one by one? This is one of the possible solutions:

SELECT TOP 1 name FROM master..sysdatabases
WHERE name not in (SELECT TOP 0 name FROM master..sysdatabases)

The query will return the 1st item from the top: master.
What happens if we change the 0 to 1 in the subquery in brackets?

SELECT TOP 1 name FROM master..sysdatabases
WHERE name not in (SELECT TOP 1 name FROM master..sysdatabases)

Yes, we receive the 2nd item from the top: tempdb. And so on. Easy.

If we are talking about MySQL, selecting one particular row is so simple that it needs no comment at all:

SELECT USER, HOST, PASSWORD FROM mysql.user LIMIT 0, 1

OK, and now for something completely different. A man with a stoat through his head. ;) No no no. But imagine that in MySQL we want all output lines in one row, and to execute only one SQL query. Still doable! See this:

SELECT GROUP_CONCAT(CONCAT(USER,0x40,HOST,0x3a,PASSWORD) SEPARATOR 0x7C)
FROM mysql.user

This gives us the following nice output: root@localhost:|root@127.0.0.1:|@localhost:|test@%:*94BDE19087AF4CFCE2A1F9F02F96

...which is exactly what we wanted. Some explanations regarding the special characters used:

0x7C --> |
0x40 --> @
0x3a --> :

You can use your own separators as you wish. Nothing new really, but still good to remember.
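Seen from the defending side, both shapes described above are recognisable in a query log: a TOP 1 ... NOT IN (SELECT TOP n ...) statement whose n climbs by one per request, and GROUP_CONCAT with hex-literal separators standing in for quoted strings. The following Python detector is an added example, not code from the original post; the log lines it scans are constructed, and the tab-separated source/statement format is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample query-log lines (source<TAB>statement), not from the original post.
SAMPLE_LOG = """\
10.0.0.5\tSELECT name FROM products WHERE id = 7
10.0.0.9\tSELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP 0 name FROM master..sysdatabases)
10.0.0.9\tSELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP 1 name FROM master..sysdatabases)
10.0.0.9\tSELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP 2 name FROM master..sysdatabases)
10.0.0.7\tSELECT GROUP_CONCAT(CONCAT(USER,0x40,HOST,0x3a,PASSWORD) SEPARATOR 0x7C) FROM mysql.user
10.0.0.5\tSELECT name FROM products ORDER BY name LIMIT 0, 1
"""

# "TOP 1 ... NOT IN (SELECT TOP n ...)" is the MS SQL row-walking shape; group 1 captures n.
ROW_WALK = re.compile(r"\bTOP\s+1\b.*\bNOT\s+IN\s*\(\s*SELECT\s+TOP\s+(\d+)\b", re.I)
# GROUP_CONCAT with a hex-literal SEPARATOR is the MySQL single-row flattening shape.
HEX_GROUP_CONCAT = re.compile(r"\bGROUP_CONCAT\s*\(.*\bSEPARATOR\s+0x[0-9a-f]+\s*\)", re.I)
# Hex literals used instead of quoted strings inside CONCAT() (0x40 for '@', 0x3a for ':').
HEX_IN_CONCAT = re.compile(r"\bCONCAT\s*\([^)]*\b0x[0-9a-f]+\b", re.I)

def tag_statement(sql):
    """Return the set of pattern tags a single SQL statement matches."""
    tags = set()
    if ROW_WALK.search(sql):
        tags.add("row_walk")
    if HEX_GROUP_CONCAT.search(sql):
        tags.add("hex_group_concat")
    if HEX_IN_CONCAT.search(sql):
        tags.add("hex_in_concat")
    return tags

def scan_log(log_text):
    """Map each source to its sorted tags; add 'row_walk_sequence' when one source
    issues the row-walking query with consecutive TOP n values (0, 1, 2, ...)."""
    findings = defaultdict(set)
    offsets = defaultdict(list)
    for line in log_text.splitlines():
        source, _, sql = line.partition("\t")
        if not sql:
            continue
        findings[source] |= tag_statement(sql)
        m = ROW_WALK.search(sql)
        if m:
            offsets[source].append(int(m.group(1)))
    for source, seen in offsets.items():
        if len(seen) >= 2 and all(b == a + 1 for a, b in zip(seen, seen[1:])):
            findings[source].add("row_walk_sequence")
    return {src: sorted(tags) for src, tags in findings.items() if tags}

if __name__ == "__main__":
    for src, tags in scan_log(SAMPLE_LOG).items():
        print(src, ", ".join(tags))
```

Only the row-walking and hex-separator shapes are tagged; the ordinary paginated query (LIMIT 0, 1 with ORDER BY) from 10.0.0.5 produces no finding, which is the behaviour you want before wiring this into an alert.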
