Re: [sqlmap-users] SQL Injection in INSERT
From: Miroslav S. <mir...@gm...> - 2011-02-11 22:34:31

hi Jarred.

you haven't stated which DBMS you are dealing with. probably MySQL? if it's MySQL, I think that this line is not the one affected. you won't be able to use stacked queries for MySQL/PHP for sure, and you also won't be able to use an INSERT statement to dump into a file. also, for sure, you won't be able to "modify" existing files.

kr

p.s. to read the first 50 hex chars from C:\test.txt using that INSERT you described:

http://192.168.117.129/test_environment/mysql/get_int.php?isdn=1&user=3&user2=2' AND (SELECT 9822 FROM(SELECT COUNT(*),CONCAT((SELECT MID(HEX(LOAD_FILE('c:/test.txt')),1,50)),FLOOR(RAND(0)*2))x FROM library GROUP BY x)a) AND 'bla'='bla

On Fri, Feb 11, 2011 at 6:38 PM, <etc...@gm...> wrote:
> Hello!!
>
> My colleague and I have a problem for university: our teacher says that we
> need to upload or modify an existing file and execute the phpinfo() function.
> We are looking at the PHP code, and we think that the SQL injection is in
> this code:
>
> $sqlp = ", ($isdn, '$user2' )";
> $sql = "INSERT DELAYED INTO library (isdn, user) VALUES ($isdn, '$user')$sqlp";
>
> All GET and POST parameters in this PHP code are filtered with the
> escapeshellcmd function, but not the user2 parameter, because it is a value
> from HTTP_X_FORWARDED_FOR. I know that I can modify the HTTP_X_FORWARDED_FOR
> header and inject SQL code, but I don't know how to save a file, maybe with
> UNION ... INTO OUTFILE? I tried, but it did not work (syntax error).
>
> Another piece of information about the problem is that the db user is root.
>
> Thanks!
>
> --
> Jarred

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
Alternate: miroslav.stampar (at) mail.ru
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
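
The PHP quoted in the thread builds its INSERT by concatenating a value taken from HTTP_X_FORWARDED_FOR, which escapeshellcmd never touched. As an added example (not part of the original thread and not sqlmap code), here is the same two-row INSERT written with PDO placeholders plus an IP-format check on the header. The function names, the in-memory SQLite database (used so it runs offline, without the MySQL-only DELAYED keyword) and the sample header values are assumptions.

```php
<?php
// Added example: hardened form of the two-row INSERT from the quoted post.
// Assumption: PDO with the sqlite driver, in-memory database, so it runs
// offline. The thread's target is MySQL; the same PDO calls apply there.

// Hypothetical helper: return the first X-Forwarded-For hop if it is a
// syntactically valid IP address, otherwise null.
function client_ip_or_null(?string $header): ?string
{
    if ($header === null) {
        return null;
    }
    // The header may carry a comma-separated proxy chain; take the first hop.
    $first = trim(explode(',', $header)[0]);
    return filter_var($first, FILTER_VALIDATE_IP) !== false ? $first : null;
}

// Hypothetical helper: insert both rows with bound parameters.
function record_loan(PDO $db, int $isdn, string $user, ?string $user2): int
{
    // Placeholders keep every value out of the SQL text, so a quote in a
    // header value cannot terminate the string literal.
    $stmt = $db->prepare(
        'INSERT INTO library (isdn, user) VALUES (?, ?), (?, ?)'
    );
    $stmt->execute([$isdn, $user, $isdn, $user2]);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE library (isdn INTEGER, user TEXT)');

// Constructed header values: one benign proxy chain, one carrying the
// quote-based fragment that ends the URL shown in the reply above.
$samples = ['203.0.113.7, 10.0.0.1', "2' AND 'bla'='bla"];
foreach ($samples as $xff) {
    record_loan($db, 1, '3', client_ip_or_null($xff));
}

// Print what was actually stored in the user column for each row.
foreach ($db->query('SELECT isdn, user FROM library') as $row) {
    var_export($row['user']);
    echo "\n";
}
```

The format check rejects the second sample before it reaches the database, and even without that check the bound parameter would be stored as literal text rather than parsed as SQL.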