GROUP_CONCAT MySQL SQL Injection

2-3-2009

Apparently GROUP_CONCAT() is already known by many people, except me! I've just found it. It lets you get multiple rows back as a single string, which makes it a perfect candidate for one-row UNION SQL injections. There is one catch, though: by default it returns only 1024 characters (global option, can't be set via an SQL Injection), which is not enough for one-query SQL-dump sorts of tricks.

However, this simple query can be useful for enumerating tables and columns together in fewer requests:

 

The output will look like:

Damn! I should update SQL Injection Cheat Sheet and SQL Injection Wiki, lots to catch up...
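
A defender's view of the pattern described above, as an added example that is not part of the original post: a small Python check that flags request targets where GROUP_CONCAT( appears together with UNION SELECT or an information_schema reference. The function names, severity labels and sample request targets are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Comment markers (/* , /*!50000 , */) act as whitespace in MySQL, so treat them as such.
_COMMENT = re.compile(r"/\*!?\d*|\*/")
_UNION = re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b")
_GROUP_CONCAT = re.compile(r"\bgroup_concat\s*\(")
_SCHEMA = re.compile(r"\binformation_schema\s*\.\s*(?:tables|columns|schemata)\b")


def normalize(target: str) -> str:
    """Decode twice (double encoding), blank out comment markers, fold whitespace and case."""
    text = unquote_plus(unquote_plus(target))
    text = _COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text).lower()


def classify(target: str) -> str:
    """Return a severity label (constructed scale) for one request target."""
    text = normalize(target)
    gc = bool(_GROUP_CONCAT.search(text))
    union = bool(_UNION.search(text))
    schema = bool(_SCHEMA.search(text))
    if gc and schema:
        return "high"      # schema metadata folded into a single returned string
    if (gc and union) or schema:
        return "medium"
    if gc or union:
        return "low"       # one weak signal, e.g. a search for "union select"
    return "none"


# Constructed request targets, as they would appear in a web access log.
SAMPLES = [
    "/products.php?id=12",
    "/products.php?id=-1+UNION+SELECT+1,GROUP_CONCAT(table_name),3+FROM+information_schema.tables",
    "/item?id=1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2Fgroup_concat%28column_name%29"
    "%2F%2A%2A%2Ffrom%2F%2A%2A%2Finformation_schema.columns",
    "/search?q=student+union+select+committee",
    "/api?order=1+UNION+SELECT+GROUP_CONCAT(user)+FROM+accounts",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):6} {sample}")
```

The "low" label on the search request shows why a single keyword match is a weak signal on its own; the combination is what carries weight.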
