0

Suppose that i found site has gt an sql injected site ... how can I show thae name of the tables?

19th Jun 2019, 8:51 PM
Omar
Omar - avatar
3 Respostas
+ 3
Don't do it. Inform the webmaster of the page and mark it as done else your pretty likely going to jail for that shit
19th Jun 2019, 10:24 PM
Lexfuturorum
Lexfuturorum - avatar
+ 1
You inject a `SHOW TABLES;`. It really depends on what SQL server they use and what the website looks like so you can get it to display. But yeah, you should probably be nice and send the guys an email.
19th Jun 2019, 10:59 PM
Schindlabua
Schindlabua - avatar
0
To know that there is an sqli vuln i must inject payload like select to know if this input has got this vuln or not ...so .... and suppose that i see thae database...what is the problem of this?? I will not steal them☺ I will tell the webmaster of course
20th Jun 2019, 9:17 PM
Omar
Omar - avatar