Waraxe IT Security Portal

hihi · Beginner

hi.

one question.
When i have sql query INSERT for example:

INSERT INTO kupa_w_dupe VALUES ('', '', '', '', '', '', '', '', '', '$sqx', '', '','','','','','','')

wher in $sqx can you insert sql code.
And for example $sqx='' +('SELECT x FROM y WHERE z=z')+ ''

so
INSERT INTO kupa_w_dupe VALUES ('', '', '', '', '', '', '', '', '', '' +('SELECT X FROM y WHERE z=z')+ '', '', '','','','','','','')
but the SELECT can not insert varible From table y. What is wrong?
Or how to use sql injection INSERT? (mysql)

i use mysql 4.0

and big thx

dairy123 · Beginner

whatever you have between the single quotes, SQL considers that as data.
and inserts it as a string.

You cannot have an embedded query like that. you are trying to do something like perl and php do - in SQL.

Maybe one solution for your prob. might be select x from y put it an temp variable, and then use that temp vble in the insert. or you might have to do a cursor to insert a new value of the temp variable in a loop.

looks something like this in mssql

declare @x varchar(3)
select @x = x from y where z = z
insert into test ('1', '2', @x)

Kaj · Beginner

Thanks for the swift reply Very Happy

, I'm a computer science student but you've completely lost me lol.

I have a forum, at www.myurl.com and the flaw is in the global.php, so I'm trying to work out the SQL query needed to return the password for a user to me. What SQL query woud I need to use to get the password for a user via their user number please? And could it all be done through my browser?

Thanks

dairy123 · Beginner

well, the question would be which Forum are you trying to hack. Check out the advisories for SQL injection on this site - all the queries you need to pass are pretty much there. if this is like a custom hack you are trying to do, you need to figure out the table structure, ( ie, column names etc) and then craft your query.