Double query Ir al reto Training: MySQL II
Clasificación global: 78
Puntuación total: 202645
Mensajes: 1
Agradecer: 1
Voto positivo: 1
Registrado: 14A 187d
Última vez visto: 24d 22h
El usuario está desconectado
Double query
Febrero 19, 2018 - 16:31:11 (6A 84d)
Febrero 19, 2018 - 16:31:11 (6A 84d)
I'm trying to inject a second command that will get executed after the select, but before the password check. Am I on the right track?
This works locally for me, but when I try it on wechall I get an "GDO 1064". Is there something "blocking" executing two queries with the command "queryFirst"?
This works locally for me, but when I try it on wechall I get an "GDO 1064". Is there something "blocking" executing two queries with the command "queryFirst"?
Clasificación global: 253
Puntuación total: 87267
Mensajes: 1639
Agradecer: 1339
Voto positivo: 887
Registrado: 16A 88d
Última vez visto: 3m 24s
El usuario está desconectado
RE: Double query
Febrero 20, 2018 - 18:43:43 (6A 83d)
Febrero 20, 2018 - 18:43:43 (6A 83d)
You cannot execute two queries in a single query.
This is a limitation, once introduced for security, in mysql/mysqli (if i recall correctly)
Most other languages and their mysql bindings should have the same limits.
I googled a bit and it seems that it would be possible.
Take a look at https://stackoverflow.com/questions/802437/how-to-execute-two-mysql-queries-as-one-in-php-mysql
This is a limitation, once introduced for security, in mysql/mysqli (if i recall correctly)
Most other languages and their mysql bindings should have the same limits.
I googled a bit and it seems that it would be possible.
Take a look at https://stackoverflow.com/questions/802437/how-to-execute-two-mysql-queries-as-one-in-php-mysql
The geeks shall inherit the properties and methods of object earth.
Clasificación global: 14621
Puntuación total: 104
Mensajes: 1
Agradecer: 1
Voto positivo: 1
Registrado: 5A 337d
Última vez visto: 5A 335d
El usuario está desconectado
RE: Double query
Junio 13, 2018 - 07:55:20 (5A 336d)
Junio 13, 2018 - 07:55:20 (5A 336d)
with the username, I can use the sql injection, but I don't know how to bypass the password check.
Clasificación global: 1
Puntuación total: 759855
Mensajes: 434
Agradecer: 493
Voto positivo: 461
Registrado: 14A 292d
El usuario está desconectado
RE: Double query
Junio 13, 2018 - 15:04:45 (5A 336d)
Junio 13, 2018 - 15:04:45 (5A 336d)
exp32, that is not a question. It also does not relate to the topic of this thread.
Perhaps research SQLi a bit more?
Perhaps research SQLi a bit more?
Clasificación global: 253
Puntuación total: 87267
Mensajes: 1639
Agradecer: 1339
Voto positivo: 887
Registrado: 16A 88d
Última vez visto: 3m 25s
El usuario está desconectado
RE: Double query
Junio 14, 2018 - 19:38:36 (5A 334d)
Junio 14, 2018 - 19:38:36 (5A 334d)
@exp32: Just make your sent data fulfil the password check.... at least that's what i want you todo ;)
The geeks shall inherit the properties and methods of object earth.
tunelko, Redknee, silenttrack, n0tHappy, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, JanLitwin17, SwolloW, dangarbri se suscribieron a este tema y reciben emails en nuevas publicaciones.
1 personas están viendo el tema ahora mismo.
Este tema ha sido visto 3666 veces.
1 personas están viendo el tema ahora mismo.
Este tema ha sido visto 3666 veces.