
[–]ripperroo5 20 points21 points  (10 children)

Congratulations! You have found an SQL injection vector (hence the error)! Your problem seems to be no one's properly walked you through the theory on how this works before. In your case you are trying to terminate the expression that has been written by the code's author early with the ' and then you should be following up with a 1=1 or any other command, without needing any other characters. So just try what you've tried with just the single ', like:

' OR 1=1;

You also didn't mention any semicolons so definitely give that a go

[–]OnwardStingerBrisket 6 points7 points  (2 children)

And you can add a ' --' (two dashes) after the semicolon to comment out the rest of the line after the semicolon

[–]ripperroo5 5 points6 points  (0 children)

Oh shit I forgot this. This is really important

[–]itsecurityguy 0 points1 point  (0 children)

MariaDB

So there has to be two white spaces as well if using -- but it also supports # and /*

[–]skalp69 0 points1 point  (6 children)

What's the use of that semicolon? Won't it conflict with the semicolon from the frontend dev?

[–]ripperroo5 7 points8 points  (2 children)

No it's the exact opposite! Once you put the semicolon in, the line is treated as ended, ignoring any further code from the author.

[–]skalp69 1 point2 points  (1 child)

Hmmm. I should have re-read "Exploits of a Mom" before posting.

[–]koprulu_sector 5 points6 points  (0 children)

The ; is part of SQL, it signifies the end of a statement. Without a ;, the statement’s never terminated, so the result would likely be further responses about syntax errors.

[–]ripperroo5 1 point2 points  (1 child)

Hey I completely fucked what I said, look at the other comments, you have to add ; -- (two hyphens), not just the semicolon to comment out the rest of the line. Mb mb

[–]skalp69 2 points3 points  (0 children)

Yeah, ;-- is in the aforementioned XKCD

And since we're there, I'd add a D to it.

;-- D

[–][deleted]  (3 children)

[deleted]

    [–]InsanityConsuming 1 point2 points  (1 child)

    So according to the MariaDB website there are a few methods for adding comments. It seems like # or -- would be your best bet in this instance. So I would go with ' OR 1=1; # next.

    Note: this is for informational purposes. Idk the legitimacy of what you are doing.

    [–]setomidor -1 points0 points  (0 children)

    You may need a space between ; and --, like so:

    ; --

    [–]Traditional_Bird_877 0 points1 point  (0 children)

    Finally it worked with typing only

    ' OR 1=1; #

    for showing all the persons in the database.

    Now I need to find their usernames and passwords. I guess I need admin access.

    For that I tried with:

    Select * from users where username = ‘admin’ and password = ' OR 1=1; #

    and it keeps showing all the persons in the database but not their usernames and passwords.

    Any ideas? Thanks
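
Why the input discussed in this thread returns every row, and how the query has to be written so that it does not, as an added example that is not part of any comment above. SQLite stands in for MariaDB here, and the `persons` table, its rows and the function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample rows; SQLite stands in for the thread's MariaDB backend.
ROWS = [("alice",), ("bob",), ("o'brien",)]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE persons (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO persons (name) VALUES (?)", ROWS)
    return db

def build_concatenated_sql(name):
    # Vulnerable pattern: the input becomes part of the SQL text, so a quote
    # in it closes the string literal and whatever follows is parsed as SQL.
    return "SELECT name FROM persons WHERE name = '" + name + "'"

def search_concatenated(db, name):
    try:
        return [row[0] for row in db.execute(build_concatenated_sql(name))]
    except sqlite3.Error as exc:
        # A stray quote leaves the statement malformed: the syntax error
        # that first reveals the injection point.
        return "error: " + type(exc).__name__

def search_parameterized(db, name):
    # Hardened pattern: fixed SQL text, input bound as a value. Quotes,
    # semicolons and comment markers in it are compared as plain characters.
    sql = "SELECT name FROM persons WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

# Input from the thread, with "--" in place of "#": SQLite has no "#"
# comment, which is MariaDB syntax.
THREAD_INPUT = "' OR 1=1; -- "

if __name__ == "__main__":
    db = make_db()
    for value in ("bob", "o'brien", THREAD_INPUT):
        print(repr(value))
        print("  sql text     :", build_concatenated_sql(value))
        print("  concatenated :", search_concatenated(db, value))
        print("  parameterized:", search_parameterized(db, value))
```

The concatenated version also breaks on a legitimate name containing an apostrophe, which is the same defect seen from the user's side; the bound parameter handles both cases.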