Let's say you use SELECT * FROM ($query) sub, where you can swap $query to any query you wish. Is there a way to escape this select and run a command that modifies data in the database?
1 Answer
There is an SQL attack called Stacked Queries; this type of attack is done by adding a semicolon -> ; to terminate an SQL statement. Example:
/* Malicious user input by attacker */
1; DELETE FROM sub
/* This example executes multiple statements */
SELECT * FROM sub WHERE subid=1; DELETE FROM sub
Not all SQL injection attacks may allow that; you can give it a try via sqlmap (if possible), prompt an SQL shell, and try to run a query that will alter the data.
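One reason a stacked query may not run is that many database APIs accept only one statement per call. The following added example (not part of the original answer) assumes SQLite through Python's sqlite3 module and a constructed two-row `sub` table; it runs the answer's stacked statement through a single-statement call, a multi-statement call, and a connection restricted to reads by an authorizer callback.

```python
import sqlite3

# The statement from the answer's example, after the input has been appended.
STACKED = "SELECT * FROM sub WHERE subid=1; DELETE FROM sub"

def make_db():
    """Constructed two-row table, named `sub` to match the answer's example."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE sub (subid INTEGER, name TEXT);"
        "INSERT INTO sub VALUES (1, 'a'), (2, 'b');"
    )
    return conn

def select_only(action, arg1, arg2, db_name, source):
    """Authorizer callback: allow SELECT and column reads, deny all else."""
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def rows_left(conn):
    return len(conn.execute("SELECT subid FROM sub").fetchall())

def attempt(conn, sql, multi=False):
    """Run sql via execute() or executescript(); return (outcome, rows left)."""
    try:
        (conn.executescript if multi else conn.execute)(sql)
        outcome = "ran"
    except (sqlite3.Error, sqlite3.Warning) as exc:
        outcome = f"rejected: {exc}"
    return outcome, rows_left(conn)

def demo():
    results = {}
    # 1. Single-statement API: the trailing DELETE is refused outright.
    results["execute"] = attempt(make_db(), STACKED)
    # 2. Multi-statement API: both statements run and the table is emptied.
    results["executescript"] = attempt(make_db(), STACKED, multi=True)
    # 3. Multi-statement API on a connection restricted to reads.
    guarded = make_db()
    guarded.set_authorizer(select_only)
    results["executescript+authorizer"] = attempt(guarded, STACKED, multi=True)
    # 4. The question's wrapper with an ordinary subquery still works there.
    wrapped = "SELECT * FROM (SELECT subid FROM sub WHERE subid=1) sub"
    results["wrapper rows"] = guarded.execute(wrapped).fetchall()
    return results

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The same principle applies to other engines: run user-supplied queries through a single-statement call on a connection or account that has read access only.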