 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 86
 Members: 0
 Total: 86
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Exploitable? |
|
 Posted: Mon May 17, 2004 9:57 pm |
 |
|
| guesty |
| Beginner |
 |
|
| Joined: May 17, 2004 |
| Posts: 3 |
|
|
|
 |
|
 |
|
This one is from article.php
$db->sql_query("UPDATE ".$prefix."_stories SET counter=counter+1 where sid=$sid");
If you will answer to my last question on this forum I'll probably understand this mechanism 
So here is SELECt possible? or just UPDATE. If update, so then I could update 4 ex. new passwd for admin? |
|
|
|
|
| Posted: Mon May 17, 2004 10:03 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| You can use UNION stuff only in SELECT constructions. With UPDATE you can only fail sql query and turn this to full path disclosure or xss. When mysql version 4.1 will be in wide use, then by using of the subselects functionality there will be available new possibilities (blindfolded sql injection). |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
