mysql exploitation with error messages

<< Back to blog

A colleague of mine(Aleks) forwarded me a russian presentation on exploiting SQL Injection:

Of all the slides, i particular liked the one in which the author demonstrates that if the mysql error messages have been enabled (using mysql_error() function), then it is possible to retrieve the data from the back-end database using the ExtractValue() function:
>SELECT 1 AND ExtractValue(1, CONCAT(0x5c, (SELECT @@VERSION)))


Error Code : 1105
XPATH syntax error: ‘5.1.44-community’

This should not be confused with the php errors. While the php errors are usually enabled its not “very” common to see developers printing the mysql errors using mysql_error() function. However, its still good to know and could sometimes come handy.

Overall, very nice presentation.


3 Trackbacks

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>