Escaping out of a select query to run a statement that modifies data in the database



  • Let's say you use SELECT * FROM ($query) sub where you can swap $query to any query you wish. Is there a way to escape this select and run a command that modifies data in the database?



  • There is an SQL attack called Stacked Queries. This type of attack is done by adding a semicolon -> ; to terminate an SQL statement. Example:

    /*Malicious user input by attacker*/
    1; DELETE FROM sub

    /*This example executes multiple statements*/
    SELECT * FROM sub WHERE subid=1; DELETE FROM sub
    

    Not all SQL injection attacks may allow that. You can give it a try via sqlmap (if possible), prompt an SQL shell, and try to run a query that will alter the data.
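
Whether the second statement of a stacked query runs depends on the client API that carries the string to the database. The following is an added example, not part of the original posts, that runs the answer's input four ways and reports what happens to the table each time. It assumes Python's built-in sqlite3 module as a stand-in database; the helper names `fresh_db`, `rows_left` and `run` are hypothetical.

```python
import os, sqlite3, tempfile

PAYLOAD = "1; DELETE FROM sub"  # constructed input, taken from the answer above

def fresh_db():
    """Create a throwaway database file with a two-row `sub` table."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    con = sqlite3.connect(path)
    con.executescript("CREATE TABLE sub (subid INTEGER, name TEXT);"
                      "INSERT INTO sub VALUES (1, 'a'), (2, 'b');")
    con.close()
    return path

def rows_left(path):
    """Count the rows in `sub` over a separate connection."""
    con = sqlite3.connect(path)
    try:
        return con.execute("SELECT COUNT(*) FROM sub").fetchone()[0]
    finally:
        con.close()

def run(mode, user_input=PAYLOAD):
    """Run the lookup in one of four ways; return (outcome, rows left in sub)."""
    path = fresh_db()
    uri = f"file:{path}?mode=ro" if mode == "read_only" else f"file:{path}"
    con = sqlite3.connect(uri, uri=True)
    sql = "SELECT * FROM sub WHERE subid=" + user_input  # string-built query
    try:
        if mode == "bound":      # placeholder: the input is data, never SQL
            con.execute("SELECT * FROM sub WHERE subid=?", (user_input,)).fetchall()
        elif mode == "single":   # execute() accepts exactly one statement
            con.execute(sql).fetchall()
        else:                    # "multi" / "read_only": multi-statement API
            con.executescript(sql)
        outcome = "ran"
    except (sqlite3.Warning, sqlite3.Error) as exc:
        outcome = "refused: " + type(exc).__name__
    finally:
        con.close()
    left = rows_left(path)
    os.remove(path)
    return outcome, left

if __name__ == "__main__":
    for mode in ("multi", "single", "bound", "read_only"):
        print(mode, run(mode))
```

Only the `multi` case empties the table. The `read_only` case is the one that matters when the whole `$query` is caller-supplied, as in the question, because it limits what the connection itself is allowed to do.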


