Waraxe IT Security Portal

valntinolove · Beginner

hi iam a new member here many people say to me i'll be some thing in sql injection in this forum coz it has alot of prof. in this game Twisted Evil

realy i wanna to be prof. too so i have some qustions and any one can replay plz give me also good paper or the place which he get the answer from Embarassed

1-how can i updat all tables in one time without get all columns from having 1=1
2- can i get the tables and columns with this way
having 1=1 the result (admin.username)
the i make like this
group by admin.username having 1=1 and table_name not in(admin)
3- how can i get the information of the database and connect to it(mssql/mysql)
i can get the user with user() and the curent database with database()
and the host
select host from mysql.host
is that right ?
4-how can i add user to the server and iam not dbo or adminstrator so i can't use cmd_shell
5-when the magic_quites=on i cann't use select into outfile coz it's agrument must in '' so what can i do or is there anther way to upload file
i tried to crypt it or put it in concat and any thing but never worked
6-i have a lot of sites i get the table names and columns names from information_schema.cloumns but when i make the query it gives me error massage that there is not table like this !! Shocked

how is that be..?
7-i have a site when i make select user from mysql.user the result be
???a??? and password ???A??? is that crypt or i havn't permtions or what?
8-how can i use show function in injection
9- why i can't user * in injection
10-how can i use sp_columns or tables ?
i know that's very boring but i think there is here some good members can help me Wink

C U

ketchup · Regular user