Advanced SQLi exploiting

In this section, we're going to add a function to read all the table names from the database, and we are going to add a function to read the files from the database server OS.

First, we're going to see how we can obtain all the table names in the database to check whether any of them are of interest, and then we're going to add the capability to read files from the OS file system.

Now, let's open the file SQLinjector-3.py. We have a new function in here that will help us obtain the table names in the different schemas, except the ones we are filtering out to reduce the noise in the output:

def detect_table_names(url):
    new_url = url.replace("FUZZ","""\'%20union%20SELECT%20CONCAT('TOK', table_schema,'TOK'),CONCAT('TOK',table_name,'TOK')%20FROM ...
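Requests built this way leave a recognizable trace in web server access logs. The following is an added example, not code from the book or from SQLinjector-3.py: it flags requests that combine a UNION SELECT with the table_schema/table_name columns or the marker-wrapped CONCAT shown above. The log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Client address and request target from a common-log-format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/')
INDICATORS = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "schema_columns": re.compile(r"\b(?:table_schema|table_name)\b"),
    # Same literal on both sides of a value, e.g. CONCAT('TOK', x, 'TOK').
    "marker_concat": re.compile(r"concat\s*\(\s*'(\w+)'\s*,[^)]*,\s*'\1'\s*\)"),
}

def normalise(target, max_rounds=3):
    """Undo nested URL encoding, drop SQL comments, fold case and whitespace."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    target = re.sub(r"/\*.*?\*/", " ", target)
    return re.sub(r"\s+", " ", target).lower()

def scan(lines):
    """Return (client, indicator names) for requests that look like table-name enumeration."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        text = normalise(m.group(2))
        found = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
        # UNION SELECT alone is noisy (see the search request below); require a second indicator.
        if "union_select" in found and len(found) > 1:
            hits.append((m.group(1), found))
    return hits

# Constructed sample log lines; the second is shortened where the page's payload is truncated.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /users.php?id=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "GET /users.php?id=1%27%20union%20SELECT%20CONCAT(%27TOK%27,table_schema,%27TOK%27),CONCAT(%27TOK%27,table_name,%27TOK%27) HTTP/1.1" 200 9120',
    '198.51.100.9 - - [12/Mar/2024:10:02:11 +0000] "GET /users.php?id=1%2527%2520UNION/**/ALL%2520SELECT%2520table_name,2 HTTP/1.1" 200 7711',
    '192.0.2.44 - - [12/Mar/2024:10:03:40 +0000] "GET /search?q=student+union+select+committee HTTP/1.1" 200 830',
]

if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG):
        print(client, ", ".join(names))
```

The second indicator requirement keeps the benign search request out of the results while still catching the double-encoded, comment-obfuscated variant.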
