Comments on: MySQL Injection Cheat Sheet

by: Rafael_@_|trits|

Fri, 20 Jun 2008 15:01:27 +0000

This works great as a quick reference while pentesting but it’s totally crypt if you don’t know exactly what you are doing, and I like it that way so only a few guys on the scene really knows how to do something with that.

Btw, what the hell was that “SELECT * FROM login WHERE id = 1 or 1=1; SELECT VERSION()” .. so now your mysql accepting stacked queries?

by: monika

Tue, 26 Feb 2008 12:58:55 +0000

there is a website,i know it can be sql injected and i read your paper but i tried everything and nothing worked,can you help me please

by: sp00k

Sat, 19 Jan 2008 14:24:59 +0000

Any idea if you can re-authenticate locally to a MySQL db as you can with MSSQL? I’m sitting on an injection as a specific mysql user that has limited permissions (i.e. doesn’t have FILE permission - so no writing to outfile).

In MSSQL you re-connect to the local db with a connection string that inlcudes the other user/password. No idea how to do that in MySQL. Must be some type of syntax to query a remote db, but actually point at the local db (?).

by: .::v-nessa.net::. » The Basic MySQL Injection

Thu, 25 Jan 2007 06:12:45 +0000

[…] http://www.justinshattuck.com/?p=156&akst_action=share-this […]

by: RuFus

Thu, 18 Jan 2007 13:35:24 +0000

I look at the code in front of me, and I am once again reminded of a story.
-Pull up a chair, grab a cup of coco, and enjoy:

OK, so I learned how to write code on an Apple IIe when I was but a pup. I thought I was the warmest turd in the pot after that. I made a cool little text only X-Men fighting game, and passed it out to anyone with a 5 1/4 drive and a little spare time. For the next ten or so years, I took a (well earned) sabbatical from my programming exploits. Then, after becoming fully settled in in my familial unit and establishing myself as an integral pillar of society (*cough cough), I decided that I would change the world by once again utilizing my GOD-GIVEN talents as a programmer, and learn JAVA.

So, basic JAVA class was a joke. A couple of the geeks in the class (present company excluded) even joked about the relevancy of the material being taught — after all, we were all in college now, not elementary! Then, as sequences go, I took the second tier class. The second tier class introduced a concept that was new and stunning (to me) — Object Oriented Programming…

That was the precice moment in which I came to the stunning revalation — that I was retarded.
Apearantly, as I was typing away is blissfull ignorarance on my accursed Apple IIe (running at a blinding speed of 1.023 MHz) there was a group of dissedents that were experimenting with concepts such as encapsulation, classes, and methods… These rebellious scamps were utilizing the devil box, and playing with modified versions of C programming!

Appearantly, C programming lent itself to hundreds of programmers to modify, and create amazing pieces of code. So now people all over the world switched to Object Orientented Programming just because it’s better?!?
Well I have something to say to them:

10 INPUT “What is your name sir or ma’am?: “; U$
20 PRINT U$; “is a waste of space. ”
30 GOTO 20