Re: [sqlmap-users] stacked queries
Brought to you by:
inquisb
From: ml <ml...@sm...> - 2012-12-30 12:41:56
|
dear miroslav I have serious inform me and I found a page "this" http://stackoverflow.com/questions/4190175/combining-mutliple-wordpress-database-queries http://stackoverflow.com/questions/1227835/sql-combine-two-tables-for-one-output talking to other techniques. I have learn a lot thank you Le 2012-12-30 11:30, Miroslav Stampar a écrit : > Hi. > > Stacked queries SQLi, or "SQL piggybacking", is a technique where you > end the current injectable SQL command (most often with a standard > character ";") and append a new independent SQL command. > > E.g. if injectable SQL command (inside page vuln.php) is 'SELECT * > FROM users WHERE id=$_GET("id")' you can try to use stacked query > like > this: > > http://www.target.com/vuln.php?id=1 [8]; INSERT INTO users > VALUES(1,'admin', 'pass') > > Kind regards, > Miroslav Stampar > > On Sun, Dec 30, 2012 at 10:25 AM, ml <ml...@sm... [9]> wrote: > >> he guys >> >> I encounter problems when trying to shell insert into an existing >> table >> >> the shell warns me of sql warnings on requests stacked queries >> >> I'm trying without success you can take the trouble to explain >> http://comments.gmane.org/gmane.comp.security.sqlmap/2437 [1] >> I do not know what is the stacked queries >> >> Please explain to me >> >> -- >> gpg --keyserver pgp.mit.edu [2] --recv-key C2626742 >> http://about.me/fakessh [3] >> >> > > ------------------------------------------------------------------------------ >> Master Visual Studio, SharePoint, SQL, ASP.NET [4], C# 2012, HTML5, >> CSS, >> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills >> current >> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft >> MVPs and experts. ON SALE this month only -- learn more at: >> http://p.sf.net/sfu/learnmore_123012 [5] >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... [6] >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users [7] > > -- > Miroslav Stampar > http://about.me/stamparm [10] > > Links: > ------ > [1] http://comments.gmane.org/gmane.comp.security.sqlmap/2437 > [2] http://pgp.mit.edu > [3] http://about.me/fakessh > [4] http://ASP.NET > [5] http://p.sf.net/sfu/learnmore_123012 > [6] mailto:sql...@li... > [7] https://lists.sourceforge.net/lists/listinfo/sqlmap-users > [8] http://www.target.com/vuln.php?id=1 > [9] mailto:ml...@sm... > [10] http://about.me/stamparm -- gpg --keyserver pgp.mit.edu --recv-key C2626742 http://about.me/fakessh |