sqlmap-users

[sqlmap-users] stacked queries

[ml <ml...@sm...>]

he guys


I encounter problems when trying to shell insert into an existing table

the shell warns me of sql warnings on requests stacked queries

I'm trying without success you can take the trouble to explain
http://comments.gmane.org/gmane.comp.security.sqlmap/2437
I do not know what is the stacked queries

Please explain to me

-- 
gpg --keyserver pgp.mit.edu --recv-key C2626742
http://about.me/fakessh

Re: [sqlmap-users] stacked queries

[Miroslav S. <mir...@gm...>]

Hi.

Stacked queries SQLi, or "SQL piggybacking", is a technique where you end
the current injectable SQL command (most often with a standard character
";") and append a new independent SQL command.

E.g. if injectable SQL command (inside page vuln.php) is 'SELECT * FROM
users WHERE id=$_GET("id")' you can try to use stacked query like this:

http://www.target.com/vuln.php?id=1; INSERT INTO users VALUES(1,'admin',
'pass')

Kind regards,
Miroslav Stampar

On Sun, Dec 30, 2012 at 10:25 AM, ml <ml...@sm...> wrote:

> he guys
>
>
> I encounter problems when trying to shell insert into an existing table
>
> the shell warns me of sql warnings on requests stacked queries
>
> I'm trying without success you can take the trouble to explain
> http://comments.gmane.org/gmane.comp.security.sqlmap/2437
> I do not know what is the stacked queries
>
> Please explain to me
>
> --
> gpg --keyserver pgp.mit.edu --recv-key C2626742
> http://about.me/fakessh
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_123012
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

Re: [sqlmap-users] stacked queries

[ml <ml...@sm...>]

dear miroslav


I have serious inform me and I found a page "this"
http://stackoverflow.com/questions/4190175/combining-mutliple-wordpress-database-queries
http://stackoverflow.com/questions/1227835/sql-combine-two-tables-for-one-output
talking to other techniques.


I have learn a lot thank you

Le 2012-12-30 11:30, Miroslav Stampar a écrit :
> Hi.
>
> Stacked queries SQLi, or "SQL piggybacking", is a technique where you
> end the current injectable SQL command (most often with a standard
> character ";") and append a new independent SQL command.
>
> E.g. if injectable SQL command (inside page vuln.php) is 'SELECT *
> FROM users WHERE id=$_GET("id")' you can try to use stacked query 
> like
> this: 
>
> http://www.target.com/vuln.php?id=1 [8]; INSERT INTO users
> VALUES(1,'admin', 'pass')
>
> Kind regards,
> Miroslav Stampar
>
> On Sun, Dec 30, 2012 at 10:25 AM, ml <ml...@sm... [9]> wrote:
>
>> he guys
>>
>> I encounter problems when trying to shell insert into an existing
>> table
>>
>> the shell warns me of sql warnings on requests stacked queries
>>
>> I'm trying without success you can take the trouble to explain
>> http://comments.gmane.org/gmane.comp.security.sqlmap/2437 [1]
>> I do not know what is the stacked queries
>>
>> Please explain to me
>>
>> --
>> gpg --keyserver pgp.mit.edu [2] --recv-key C2626742
>> http://about.me/fakessh [3]
>>
>>
> 
> ------------------------------------------------------------------------------
>> Master Visual Studio, SharePoint, SQL, ASP.NET [4], C# 2012, HTML5,
>> CSS,
>> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills
>> current
>> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
>> MVPs and experts. ON SALE this month only -- learn more at:
>> http://p.sf.net/sfu/learnmore_123012 [5]
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li... [6]
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users [7]
>
> --
> Miroslav Stampar
> http://about.me/stamparm [10]
>
> Links:
> ------
> [1] http://comments.gmane.org/gmane.comp.security.sqlmap/2437
> [2] http://pgp.mit.edu
> [3] http://about.me/fakessh
> [4] http://ASP.NET
> [5] http://p.sf.net/sfu/learnmore_123012
> [6] mailto:sql...@li...
> [7] https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> [8] http://www.target.com/vuln.php?id=1
> [9] mailto:ml...@sm...
> [10] http://about.me/stamparm

-- 
gpg --keyserver pgp.mit.edu --recv-key C2626742
http://about.me/fakessh