Information schema can be thought of as a default table which is present on all your targets, and contains information about the structure of databases, tables, etc., but not the kind of information we are looking for. It can, however, be useful on a number of occasions.

In this tutorial we'll skip the first few steps in which we find out whether a website is vulnerable or not, as we already know from the previous tutorial that this website is vulnerable. First off, you need to have Kali Linux (or BackTrack) up and running on your machine.

The first thing I was asked was “asl” – meaning what is my age, sex and location. On the second test, I ended up in a brief chat with a young man, a software developer from India. Well, that is what he said but that’s the thing – who really knows?

We will enter multiple columns and separate them with commas.
It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections." A lot of features can be found on the sqlmap website, the most important being - "Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems." That's basically all the database management systems.

I hope you guys are starting to get the pattern by now. It might contain the usernames and passwords of registered users on the website (hackers always look for sensitive data). Try to look at other columns and tables and see what you can dig up.

Now, if you were following along attentively, we will be getting data from one of the columns. Okay, nothing great, but in real-world web pentesting, you can come across more sensitive data. Take a look at the previous tutorial on Manual SQL Injection, which will help you find more interesting vulnerable sites.

From there however, anything goes – certainly a chat participant may decide to give their name, location, age and other personal information. I tried it a few times by clicking on the link to start chatting with a stranger.