53 SQL Injection Database INFORMATION SCHEMA Database Part 11

INFORMATION_SCHEMA Database To pull data from tables using UNION SELECT, we need to properly construct our SELECT queries. For this, we need the following information: List of databases A list of tables within each database A list of columns within each table With the information above, we can create our SELECT statement to dump data from any column in any table within any database within the DBMS. This is where we can use the INFORMATION_SCHEMA database. INFORMATION_SCHEMA The INFORMATION_SCHEMA database contains metadata about the databases and tables that exist on the server. This database plays a crucial role exploiting SQL injection vulnerabilities. Since this is a different database, we cannot call its tables directly with a SELECT statement. If we only specify a table name for the SELECT statement, it will search for tables within the same database. So, to refer to the existing table in another DB, we can use dot operator '.'. For example, to select a table that users are in a database called my_database, we could use: SELECT * FROM my_database.users; SCHEMA To begin our enumeration, we need to find which databases are available in the DBMS. The SCHEMATA table in the INFORMATION_SCHEMA database contains information about all the databases on the server. It is used to obtain database names so that we can then query them. The SCHEMA_NAME column contains all current database names. SELECT SCHEMA_NAME, database() FROM INFORMATION_SCHEMA.SCHEMATA; TABLES We can also get the tables residing in a particular database: SELECT TABLE_NAME,TABLE_SCHEMA FROM INFORMATION_SCHEMA.TABLES where table_schema='testdb'; COLUMNS select COLUMN_NAME,TABLE_NAME,TABLE_SCHEMA from INFORMATION_SCHEMA.COLUMNS where table_name='creditcards'