Let's take the following vulnerable query ($id not being escaped):

SELECT * FROM table WHERE id = $id

Would it be possible in MySQL 5.x to modify some data through an UPDATE statement which would appear inside the hacked SELECT statement?

I thought about something using the benchmark() function:

SELECT * FROM table WHERE id = id OR benchmark(1, (UPDATE ...))

But it doesn't seem to work:

ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE ...

Any other possibilities not using a stored procedure?

+2  A: 

Depending on the driver this may pass:

SELECT * FROM table WHERE id = id; UPDATE table ...
Bozho
A: 

Multiple queries.

Darin Dimitrov
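
Added example, not part of the original question or answers: whether the stacked statement from the answers runs depends on whether the client API accepts more than one statement per call, which is why multi-statement execution should stay off and values should be bound. The sketch uses Python's sqlite3 with an in-memory database as a stand-in for MySQL (an assumption; the `items` table, the helper names and the sample input are constructed for illustration).

```python
import sqlite3

# Constructed input shaped like the stacked statement in the answers.
STACKED = "1; UPDATE items SET name = 'changed'"

def make_db():
    # Constructed sample data; in-memory SQLite stands in for MySQL (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", [(1, "alpha"), (2, "beta")])
    conn.commit()
    return conn

def names(conn):
    return [row[0] for row in conn.execute("SELECT name FROM items ORDER BY id")]

def single_statement_api_rejects():
    # execute() accepts exactly one statement, so the concatenated text is
    # refused before anything runs and the table is left untouched.
    conn = make_db()
    try:
        conn.execute("SELECT * FROM items WHERE id = " + STACKED)
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return names(conn)
    return None

def multi_statement_api_runs():
    # executescript() accepts several statements, so the same concatenated
    # text also executes the trailing UPDATE.
    conn = make_db()
    conn.executescript("SELECT * FROM items WHERE id = " + STACKED)
    return names(conn)

def bound_parameter_is_inert():
    # Hardened form: the value is bound, never parsed as SQL, so it is only
    # compared against id and matches no row.
    conn = make_db()
    rows = conn.execute("SELECT * FROM items WHERE id = ?", (STACKED,)).fetchall()
    return rows, names(conn)

if __name__ == "__main__":
    print("single-statement API:", single_statement_api_rejects())
    print("multi-statement API: ", multi_statement_api_runs())
    print("bound parameter:     ", bound_parameter_is_inert())
```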