Username: 
Password: 
Restrict session to IP 

Double query  Go to the Training: MySQL II challenge

Global Rank: 130
Totalscore: 132525
Posts: 1
Thanks: 1
UpVotes: 1
Registered: 10y 13d




Last Seen: 105d 9h
The User is Offline
Double query
Google/translate1Thank You!1Good Post!0Bad Post! link
I'm trying to inject a second command that will get executed after the select, but before the password check. Am I on the right track?
This works locally for me, but when I try it on wechall I get an "GDO 1064". Is there something "blocking" executing two queries with the command "queryFirst"?
Global Rank: 233
Totalscore: 84898
Posts: 1347
Thanks: 1198
UpVotes: 710
Registered: 11y 279d




Last Seen: 2d 3h
The User is Offline
RE: Double query
Google/translate0Thank You!1Good Post!0Bad Post! link
You cannot execute two queries in a single query.
This is a limitation, once introduced for security, in mysql/mysqli (if i recall correctly)

Most other languages and their mysql bindings should have the same limits.

I googled a bit and it seems that it would be possible.

Take a look at https://stackoverflow.com/questions/802437/how-to-execute-two-mysql-queries-as-one-in-php-mysql
The geeks shall inherit the properties and methods of object earth.
Global Rank: 10568
Totalscore: 75
Posts: 1
Thanks: 1
UpVotes: 1
Registered: 1y 163d
Last Seen: 1y 161d
The User is Offline
RE: Double query
Google/translate1Thank You!1Good Post!0Bad Post! link
with the username, I can use the sql injection, but I don't know how to bypass the password check.
Global Rank: 1
Totalscore: 755493
Posts: 395
Thanks: 428
UpVotes: 377
Registered: 10y 118d












The User is Offline
RE: Double query
Google/translate1Thank You!1Good Post!0Bad Post! link
exp32, that is not a question. It also does not relate to the topic of this thread.

Perhaps research SQLi a bit more?
Global Rank: 233
Totalscore: 84898
Posts: 1347
Thanks: 1198
UpVotes: 710
Registered: 11y 279d




Last Seen: 2d 3h
The User is Offline
RE: Double query
Google/translate0Thank You!1Good Post!0Bad Post! link
@exp32: Just make your sent data fulfil the password check.... at least that's what i want you todo ;)
The geeks shall inherit the properties and methods of object earth.
tunelko, Redknee, silenttrack, qdxy, n0tHappy, TheHiveMind, Z, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89 have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 1378 times.