Results 1 to 2 of 2

Thread: SQL injection: Replace SELECT query with INSERT/UPDATE statement

Hybrid View

  1. #1
    Just burned their ISO
    Join Date
    Mar 2013
    Posts
    1

    Default SQL injection: Replace SELECT query with INSERT/UPDATE statement

    Hello,

    Does anybody know if it is possible to use sqlmap to inject into a SQL SELECT query, which takes in POST variables from web form - to alter it to an INSERT or UPDATE statement - possible by using the --prefix and --suffix switches?

    For example, is it possible to replace
    Code:
    "SELECT full_name FROM people WHERE id=$_POST['id'] AND username=$_POST['username']"
    With either of the following
    Code:
    "INSERT INTO people VALUES ('0', 'Mr. Back Track', 'BT')"
    Code:
    "UPDATE people SET username='change' WHERE id=$_POST['id']"
    If there is another way to achieve this, suggestions would be welcome. I've tried stacking queries to append an INSERT/UPDATE statement after the SELECT, but keep getting syntax errors.

    Thanks.

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: SQL injection: Replace SELECT query with INSERT/UPDATE statement

    Unless the entire query is controllable from the parameter then no you can't morph a select into an insert or update. However, you can likely alter one or more parameters affecting the where clause of the query. Which along with various comment delimiters may allow you to remove restrictions of the where clause or chain your own query along with the select.

    1) Simply assemble the HTTP request by hand and send it via netcat or telnet to the appropriate service etc.
    2) Fix your syntax (keep in mind semi-colon normally delimits queries, and that you can use various comment constructs to get rid of bit on the original you don't like).
    3) Alter the source code of sqlmap.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

Similar Threads

  1. insert pico e16 after boot
    By imported_Joerg in forum OLD Latest Public Release - BackTrack4 Beta
    Replies: 0
    Last Post: 03-05-2009, 10:57 AM
  2. IPW 3945 injection driver query
    By spook202 in forum OLD Newbie Area
    Replies: 5
    Last Post: 08-18-2007, 04:06 PM
  3. Madwifi update - slower injection.
    By beamen in forum OLD Wireless
    Replies: 8
    Last Post: 08-01-2007, 10:20 AM
  4. cardctl insert:eject
    By gary2007 in forum OLD BackTrack v2.0 Final
    Replies: 2
    Last Post: 03-20-2007, 05:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •