Hi, I am doing a MySQL injection on a site (for educational purposes, I promise hehe). Now, it uses MySQL as its database, and I cannot do "; UPDATE...", so my question is: if I do "OR id=(update...)" as a subquery, which of course doesn't make any sense, will it still execute the update on the table I choose?
Your success or failure will depend on a number of factors. The first major hurdle you face is whether or not your "friend" was smart enough to use PHP for his database inputs and use the line mysql_real_escape_string, which will prevent you from sending any commands through his textboxes and/or other input areas.
http://php.net/manual/en/function.mysql-real-escape-string.php
Your second major hurdle, after determining that mysql_real_escape_string has not been used, is to determine the true name of the table you want to update. I personally never expose my true database names to the web; I use pseudo names which represent the true names.
If you have succeeded this far, you should be able to manipulate the MySQL server in any way you see fit.
Check out this link for more helpful tips. I have never utilized any of these techniques in a manner other than testing my own MySQL servers for vulnerabilities.
http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
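As an added example (not code from the question or the answer above), here is the string-concatenation pattern the answer is warning about next to the same lookup written as a mysqli prepared statement, which sends the value separately from the SQL text so it can never alter the statement's structure; the `$db` connection and the `users` table and columns are hypothetical.

```php
<?php
// Added example. Assumes an open mysqli connection $db and a hypothetical
// table `users(id, name)`; nothing here comes from the original post.

// UNSAFE: the raw request value is spliced into the SQL string, so any quote
// or operator inside $id is parsed by the server as part of the statement.
// This is the situation the answer describes when no escaping is applied.
function findUserUnsafe(mysqli $db, string $id): ?array
{
    $sql = "SELECT id, name FROM users WHERE id = '" . $id . "'";
    $result = $db->query($sql);
    if ($result === false) {
        return null;
    }
    $row = $result->fetch_assoc();
    return $row ?: null;
}

// SAFE: the statement is prepared with a placeholder first, then the value is
// bound and transmitted as data. No manual escaping is needed, and the
// structure of the query is fixed before any user input is seen.
function findUserSafe(mysqli $db, string $id): ?array
{
    $stmt = $db->prepare("SELECT id, name FROM users WHERE id = ?");
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $id);   // 's' = treat the bound value as a string
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Usage (constructed): both functions take the same input; only the safe one
// keeps untrusted input out of the SQL grammar.
// $db = new mysqli('localhost', 'user', 'pass', 'appdb');
// var_dump(findUserSafe($db, $_GET['id'] ?? ''));
```

Prepared statements also cover the case the answer mentions, where a whole second command would be appended, because the bound value is never parsed as SQL at all.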