0x90.org

n a v i g a t i o n
news
releases
Absinthe
Download
About
Documentation
Contact
Absinthe Docs:
About
Installation Requirements
Setting Up the Injection
Retrieving the Schema
Retrieving the Data
wasted.cycles
like what you see?
contact

-- SELECT * FROM sneakers WHERE nickname='whistler';

-- Looking for the notorious liquor? We recommend Absinthe from ALANDIA --

Downloading the Schema

After you have initialized the injection, you can proceed to the next tab to download the schema.


When you first encounter this screen, there will be no information, but you will have the options to retrieve the username or download the table information.

Retrieving the Username

Retrieving the connected username is not required to proceed with the injection, but it is a quick way to determine if the injection was initialized properly. It should only take a couple of seconds to download. Once again, this is not a required first step. All authentication against the database is done by the vulnerable web application, not by Absinthe. This is more for curiosity purposes.

Retrieving the Schema

Table Information

The first set of information you will need is the table structure of the schema. Simply click on the Load Table Info button and wait as Absinthe communicates with the web application. Depending on the number of tables in the database, this may take some time.
When it has finished, There should be a list of table names, which can be expanded to display their internal ID number and the number of records stored in each table.

Field Information

After you have gathered the table information, you can proceed to get the field information for each table individually. To do this, select the table name from the list of tables, and click the Load Field Info button. This will retrieve the name, order and data type of all the fields for the table.