Waraxe IT Security Portal
Login or Register
November 16, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 72
Members: 0
Total: 72
Full disclosure
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Sql injection -> INSERT sql injection HOW TO
Post new topicReply to topic View previous topic :: View next topic
INSERT sql injection HOW TO
PostPosted: Fri Mar 18, 2005 12:06 am Reply with quote
hihi
Beginner
Beginner
Joined: Mar 18, 2005
Posts: 1




hi.

one question.
When i have sql query INSERT for example:

INSERT INTO kupa_w_dupe VALUES ('', '', '', '', '', '', '', '', '', '$sqx', '', '','','','','','','')

wher in $sqx can you insert sql code.
And for example $sqx='' +('SELECT x FROM y WHERE z=z')+ ''

so
INSERT INTO kupa_w_dupe VALUES ('', '', '', '', '', '', '', '', '', '' +('SELECT X FROM y WHERE z=z')+ '', '', '','','','','','','')
but the SELECT can not insert varible From table y. What is wrong?
Or how to use sql injection INSERT? (mysql)

i use mysql 4.0

and big thx
View user's profile Send private message
PostPosted: Sat Mar 19, 2005 12:13 pm Reply with quote
dairy123
Beginner
Beginner
Joined: Feb 13, 2005
Posts: 4




whatever you have between the single quotes, SQL considers that as data.
and inserts it as a string.

You cannot have an embedded query like that. you are trying to do something like perl and php do - in SQL.

Maybe one solution for your prob. might be select x from y put it an temp variable, and then use that temp vble in the insert. or you might have to do a cursor to insert a new value of the temp variable in a loop.

looks something like this in mssql

declare @x varchar(3)
select @x = x from y where z = z
insert into test ('1', '2', @x)
View user's profile Send private message
PostPosted: Thu Mar 24, 2005 12:17 am Reply with quote
Kaj
Beginner
Beginner
Joined: Mar 24, 2005
Posts: 2




Thanks for the swift reply Very Happy , I'm a computer science student but you've completely lost me lol.

I have a forum, at www.myurl.com and the flaw is in the global.php, so I'm trying to work out the SQL query needed to return the password for a user to me. What SQL query woud I need to use to get the password for a user via their user number please? And could it all be done through my browser?

Thanks
View user's profile Send private message
PostPosted: Thu Mar 24, 2005 9:34 pm Reply with quote
dairy123
Beginner
Beginner
Joined: Feb 13, 2005
Posts: 4




well, the question would be which Forum are you trying to hack. Check out the advisories for SQL injection on this site - all the queries you need to pass are pretty much there. if this is like a custom hack you are trying to do, you need to figure out the table structure, ( ie, column names etc) and then craft your query.
View user's profile Send private message
INSERT sql injection HOW TO
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.043 Seconds