Questions tagged [SQL injections] (15)

2
answers

How to learn the names of the columns with SQL injection?

All the examples of SQL injection are written about the fact that they can change the value of any column, or insert any row given the column name and its value. How can the column names be read with SQL injection?
cameron.Labadie asked April 8th 20 at 10:28
3
answers

SQL injection: what is the best protection, in your opinion?

Protection against SQL injection attacks, and your advice
Corine59 asked April 4th 20 at 13:34
8
answers

Are there database storage backends for sensitive data?

With web applications there is a problem in that, in the case of a vulnerability in one, you can immediately lose almost all the data that the app has access to, and SQL's security features do not allow access rights to be tuned reliably and finely. For example, if the application has a SQL Injection, then finding it, the cracker just ...
2
answers

What does filtering of PHP POST & GET look like?

Hello. I use this function to filter GET and POST: function formatstr($str) { $str = trim($str); $str = stripslashes($str); $str = htmlspecialchars($str); return $str; }; $login_name=formatstr($_GET['login_name']); For a test I tried to drive $login_name to a string output from the DB - the DB throws an error. I tried to w...
alyce.Kreiger asked March 31st 20 at 20:20
1
answer

How does extraneous data appear in the IP in the nginx log?

There is a log of SQL injections: 123.132.123.123 - - [19/Sep/2019:04:08:47 +0200] "GET /admin/gsettings.php HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36" "';UPDATE users SET tam=1 WHERE username=\x22NameUs\x22;--,111.11.11.11" How is...
adrian.Hauck77 asked March 30th 20 at 00:18
1
answer

How to clean a query of potential SQL injections?

What are the ways to clean a query of SQL injection? It is the request via middleware. Perhaps there is a library, or just give advice)
Mariano.Dicki asked March 23rd 20 at 20:11
1
answer

How to fix syntax error 1064 when writing sql injection?

The injection itself: 'and(extractvalue(1,concat(0x3b,(select(group_concat(table_name)from(information_schema.tables))))))and' This is what the browser gives: Notice: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from(information...
francesca.Ankunding7 asked March 20th 20 at 11:14
1
answer

Why doesn't the SQL injection exploit work on Joomla 3.3.1?

Namely, we are talking about CVE-2016-9838; there is an exploit, https://www.exploit-db.com/exploits/41157, written in Python. As I understand it, in the code I just need to change the url link of the "victims", but either I am doing something wrong or the site is not vulnerable ( which I highly doubt, since it is not fixed so it must be prese...
2
answers

Is Joomla 3.3.1 subject to SQL injection?

There is a uni which has to be checked for safety against hacking)) On the Internet they write that this version has a vulnerability, but I've italca with sqlmap - did not happen. Has anyone dealt with this? Same problem with the brute force of the Joomla admin, tried Hydra but does not want vratitsa))
Elizabeth_Paucek27 asked March 16th 20 at 21:23
7
answers

So do you need to use placeholders to avoid injections, or will handwritten input validation be more than sufficient?

After reading articles on the Internet, all say in one voice that almost the only way to avoid SQL injection is to use placeholders. Everywhere there is an example of direct substitution of variables. But what if I, for example, check whether the application id is a numeric value? In the text variable, I can use regular expre...
dorothy.Braun35 asked March 15th 20 at 23:13