[sqlmap-users] SQL Injection in INSERT
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] SQL Injection in INSERT
|
From: <etc...@gm...> - 2011-02-11 17:38:32
|
Hello!! I and my colleague have a problem for university, teacher say that we need to upload or modify an existing file and execute function of phpinfo();. We are seeing php code, and we think that sql injection is by this code: $sqlp = ", ($isdn, '$user2' )"; $sql = "INSERT DELAYED INTO library (isdn, user) VALUES ($isdn, '$user')$sqlp"; All GET and POST parameters from this php code are filtered with escapeshellcmd function but not parameter of user2, because is value from HTTP_X_FORWARDED_FOR. I know that I can modify header of HTT_X_FORWARDED_FOR and inject sql code, but I don't know how to save a file, maybe with UNION ... INTO OUTFILE? I had tried, but not worked (syntax error). Another information of problem is that user of db is root. Thanks! -- Jarred |
