Home > Developer > MySQL

The Mysql database uses the CONCAT function to execute SQL injection queries _mysql

Source: Internet
Author: User
Tags sql injection
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

SQL injection statements sometimes use the substitution query technology, that is, let the original query statements can not find the results of errors, and let the query to build their own execution, and the implementation of the results instead of the original query query results displayed.

For example: The original query statement is

Copy Code code as follows:

Select Username,email,content from test_table where User_id=uid;

Where the UID is entered by the user. The normal display result will appear the user name, the user mailbox, the user message content. However, if the UID filter is lax, we can construct the following SQL statement to obtain any data table information.
Copy Code code as follows:

Uid=-1 Union Select Username, password,content from test_talbe where user_id= administrator id;

The actual implementation is
Copy Code code as follows:

Select Username,email,content from test_table where user_id=-1 Union select username, password,content from Test_talbe whe Re user_id= admin ID;

Where the normal user emai is displayed, it becomes the password to display the administrator.

However, often things are not so simple, the first to find vulnerabilities, and then construct such statements to consider the type of each field, so that the int or samllint type of field display varchar is obviously inappropriate. This is the last thing to say.

If the problem SQL statement has only one or two fields to do, we want to know a lot of things, one or two fields are too few, far from meeting our needs. Then we can use the concat function.

The CONCAT function would have been such a select CONCAT (' My ', ' S ', ' QL '), and the result was ' MySQL '. Which is the connecting effect. We use it to serve us,

Copy Code code as follows:

Uid=-1 Union Select Username, concat (password,sex,address,telephone), content from Test_talbe where user_id= administrator id;

This statement actually inquires six fields, but when displayed, the Password,sex,address,telephone and other fields together, displayed in the original should show the email place.

Better way: Divide the separator between:

Copy Code code as follows:

Uid=-1 Union Select Username, concat (password,0x3a,sex,0x3a,address,0x3a,telephone), content from Test_talbe where user _id= Administrator ID;

Where 0x3a is ":" in the 16 form.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
wordpress the field sql injection concat common sql injection queries sql execute multiple queries how to protect mysql database from sql injection attacks sql uses to extract records from database how to execute function in sql
Related Article
The efficiency of MySQL nested query and connection query

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More