Discovering tables

Now that we know our target database is called owasp10, let's try to discover the tables that exist in that database. Our previous select statement was union select 1,database(),user(),version(),5. We delete user() and version(), or change them to null, because we only want to select one thing now, and in position 2 we select table_name from the information_schema database. information_schema is a default database created by MySQL, and it contains information about all the other databases. We write information_schema, and after the dot we put tables. In other words, we are selecting the column called table_name from a table called tables in a database called information_schema. The command is as follows:

union select 1,table_name,null,null,5 from information_schema.tables

The URL command changes as follows:

index.php?page=user-info.php&username=zaid' union select 1,table_name,null,null,5 from information_schema.tables%23&password=123456&user-info-php-submit-button=View+Account+Details

Execute the command to see whether we can get all the tables that exist in the owasp10 database. We can see that we got 237 records; the following are all the tables that we have access to:

Because we are logged in as root, we can see tables from other web applications, such as tikiwiki. In real-world scenarios, we'll only see tables related to the current database, which is Mutillidae.

Now we are going to use a where clause and say where table_schema = 'owasp10'. We got owasp10 when we executed the earlier command; it is the current database that Mutillidae is working on. We're using the same statement: we're selecting table_name from the tables table in information_schema where table_schema is owasp10. The command is as follows:

union select 1,table_name,null,null,5 from information_schema.tables where table_schema = 'owasp10'

The URL command changes as follows:

index.php?page=user-info.php&username=zaid' union select 1,table_name,null,null,5 from information_schema.tables where table_schema='owasp10'%23&password=123456&user-info-php-submit-button=View+Account+Details

Execute it and, as we can see in the following screenshot, we only have the tables that we're interested in:

We have the accounts, blogs_table, captured_data, credit_cards, hitlog, and pen_test_tools tables. In the What is SQL? section, we saw the content of the owasp10 database, and the preceding screenshot shows the same tables of the owasp10 database.
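
From the defender's side, the requests shown above leave a recognizable trace in the web server's access log. The following Python code is an added example, not part of the original text: it decodes each query parameter of a logged request line and flags values that contain a union select or a read from information_schema. The rule names, the inspect_request function, and the sample request lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Primary indicators: the two constructs the enumeration query relies on.
PRIMARY = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\s*\.\s*\w+", re.I),
}
# Supporting indicators: reported only alongside a primary hit, because a
# lone quote or trailing '#' is common in legitimate input.
SUPPORTING = {
    "quote_break": re.compile(r"'"),
    "trailing_comment": re.compile(r"(?:#|--\s)\s*$"),
}

def inspect_request(request_line):
    """Return {parameter: [rule names]} for parameters matching a primary rule."""
    _method, _, rest = request_line.partition(" ")
    target = rest.rsplit(" ", 1)[0]  # drop the trailing protocol token
    findings = {}
    # parse_qsl URL-decodes names and values (%27 -> ', + -> space, %23 -> #).
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = re.sub(r"\s+", " ", value)  # collapse runs of whitespace
        hits = [rule for rule, rx in PRIMARY.items() if rx.search(value)]
        if not hits:
            continue
        hits += [rule for rule, rx in SUPPORTING.items() if rx.search(value)]
        findings[name] = hits
    return findings

# Constructed request lines, as they would appear in an access log.
SAMPLE_REQUESTS = [
    # Normal lookup of an account
    "GET /index.php?page=user-info.php&username=zaid&password=123456"
    "&user-info-php-submit-button=View+Account+Details HTTP/1.1",
    # The table-enumeration request from this section, URL-encoded
    "GET /index.php?page=user-info.php&username=zaid%27+union+select+1%2C"
    "table_name%2Cnull%2Cnull%2C5+from+information_schema.tables+where+"
    "table_schema%3D%27owasp10%27%23&password=123456"
    "&user-info-php-submit-button=View+Account+Details HTTP/1.1",
    # Benign text that merely contains the word "union" (hypothetical page)
    "GET /index.php?page=search.php&q=student+union+events HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(inspect_request(line) or "clean", "<-", line[:60])
```

An application account has no reason to read information_schema through a user-supplied parameter, so a hit on that rule is worth alerting on even when the request otherwise looks routine.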
