Suppose that i found site has gt an sql injected site ... how can I show thae name of the tables?

sql

19th Jun 2019, 8:51 PM

Omar

3 ответов

+ 3

Don't do it. Inform the webmaster of the page and mark it as done else your pretty likely going to jail for that shit

19th Jun 2019, 10:24 PM

Lexfuturorum

+ 1

You inject a `SHOW TABLES;`. It really depends on what SQL server they use and what the website looks like so you can get it to display. But yeah, you should probably be nice and send the guys an email.

19th Jun 2019, 10:59 PM

Schindlabua

To know that there is an sqli vuln i must inject payload like select to know if this input has got this vuln or not ...so .... and suppose that i see thae database...what is the problem of this?? I will not steal them☺ I will tell the webmaster of course

20th Jun 2019, 9:17 PM

Omar