Hello,

I'm creating a penetration testing tool to scan for a variety of SQL injection vulnerabilities. A simple starting example I'm failing to get working is the following:
http://xxx/update_comment.php?id=test';select case when (select substring(table_name, 1, 1) from information_schema.tables limit 1) = 'b' then 1 else sleep(3) end#

This is the relevant line of my test script which is causing problems:
$conn->query('UPDATE test_table SET id = id WHERE id = \'' . $_GET['id'] . '\'');

When I execute the command which would be executed by the script, in Adminer, it works. But when the script tries it, it returns immediately and as such, no timings can be gathered from the test. What could be causing this immediate return?

What I have tried:

Changing the sleep time
Asking Google, to no avail
Posted 13-Oct-18 10:07am
Comments
AntiRix 13-Oct-18 19:52pm
   
I finally figured out it was because you have to use the multiquery method to have multiple queries. My solution was to use one query but have an 'or' statement to append the rest of the injected code rather than have a separate query.
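
As the comment notes, query() runs only one statement, but input can still change the WHERE clause inside that one statement, so the limit does not protect the UPDATE. The added example below (not code from the original post) shows the test script's query concatenated and then with a bound parameter; it assumes PDO with an in-memory SQLite database in place of the poster's MySQL connection, and the function names and sample rows are constructed.

```php
<?php
// Added example. Assumption: PDO with in-memory SQLite stands in for the
// poster's MySQL connection so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE test_table (id TEXT PRIMARY KEY)");
$db->exec("INSERT INTO test_table (id) VALUES ('a'), ('b'), ('c')"); // constructed rows

// "Before": the test script's pattern, input concatenated into the SQL text.
// (hypothetical helper name)
function updateConcatenated(PDO $db, string $id): int
{
    return $db->exec("UPDATE test_table SET id = id WHERE id = '" . $id . "'");
}

// "After": same statement with a placeholder; the driver passes $id as data,
// so quotes in it cannot end the string literal or add conditions.
// (hypothetical helper name)
function updateBound(PDO $db, string $id): int
{
    $stmt = $db->prepare('UPDATE test_table SET id = id WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->rowCount();
}

// Constructed inputs: one ordinary id, and one that stays within a single
// statement but rewrites the WHERE clause when concatenated.
$inputs = ['a', "a' OR '1'='1"];

foreach ($inputs as $id) {
    printf("%-16s concatenated: %d row(s)  bound: %d row(s)\n",
        $id, updateConcatenated($db, $id), updateBound($db, $id));
}
```

With the bound form, the second input is compared as a literal id value and matches no row.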

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 13 Oct 2018