Sandeep Mewara wrote: PS: You cannot put * in the value anywhere.
Given that you did not put any restrictions on programming language or database software... what comes to my mind is bypassing that rule with a SQL trigraph
Trigraphs | Microsoft Docs
|
-1; DELETE FROM test WHERE ID <>
your question was poorly phrased I'd say... but I suggest the value above so that final query is
SELECT * FROM test WHERE id= -1; DELETE FROM test WHERE ID <> 100
|
Super Lloyd wrote: your question was poorly phrased I'd say... but I suggest the value above so that final query is
Apologies if that was confusing or I was not able to convey it correctly.
There is a query where something is mentioned in multiline quotes. Text in multiline quote is user driven. Can we put anything in that so that we misuse the query?
SELECT * FROM test WHERE id= 100
|
Trick question? There is no input value considered:
SELECT * FROM test WHERE id= 100
It's all an in-line comment. If the test table has no id column you'd get an error though. Or am I misunderstanding something? 
|
Neh. Just trying to see how to misuse above scenario via SQL injection. Currently it is valid sql query that returns data.
|
SELECT * FROM test WHERE id= 100
No star needed, just /
Espen Harlinn
Senior Architect - Ulriken Consulting AS
The competent programmer is fully aware of the strictly limited size of his own skull; therefore he approaches the programming task in full humility, and among other things he avoids clever tricks like the plague. Edsger W. Dijkstra
|
Just tested this with MySQL and it works fine. What db does this fail with for you?
|
SQL Server:
Msg 113, Level 15, State 1, Line 1
Missing end comment mark '*/'.
Msg 113, Level 15, State 1, Line 1
Missing end comment mark '*/'.
Msg 102, Level 15, State 1, Line 1
Incorrect syntax near '='.
Espen Harlinn
modified 12-Mar-21 3:52am.
|
Even if this works, INPUT cannot have * in it.
|
Quote: Even if this works, INPUT cannot have * in it.
It doesn't - I just replaced " INPUT " with "/"
Espen Harlinn
|
The used * are yours, not his
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
Did you try:
1. HTML entities, like *
2. ASCII/Unicode in hex/octal \x2a \u002a \052
Some of those might sneak through.
Just a thought from someone who knows nothing of your environment.
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
In MySql or MariaDB, most values of INPUT starting with an exclamation mark will cause a syntax error IF there is no space between your opening comment tag and INPUT, eg:
SELECT * FROM test WHERE id= 100
However it's also possible to inject valid SQL that way:
SELECT * FROM test WHERE ID= 100
This query returning all rows in the table. See MySql ref: Comments. The idea is that you can then write SQL that works across DBMS, by including code that is only "seen" by MySql.
You can also include query optimiser hints using a similar /*+ hint */ syntax, so you could probably break your query by starting INPUT with a plus sign as well, again only provided there's no space after the opening asterisk.
And yes, this is definitely too much of a programming question to be in the Lounge! 
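An added example, not part of any post in this thread: a defender-side check showing that text placed directly after an opening comment tag is not always inert in MySQL/MariaDB, next to a hardened builder. The template, the sample strings and the function names are assumptions reconstructed from the thread's description of user-driven text inside a block comment.

```python
import re

# Assumed template (reconstructed from the thread's description): user-driven
# text is pasted directly after the opening tag of a block comment.
TEMPLATE = "SELECT * FROM test WHERE id= /*{user_text}*/ 100"

def classify_comment_body(user_text: str) -> str:
    """How MySQL/MariaDB may treat text placed immediately after '/*'."""
    if "*/" in user_text:
        return "closes-comment"      # the comment ends early; the rest is SQL
    if user_text.startswith("!"):
        return "executable-comment"  # /*! ... */ body is parsed as SQL
    if user_text.startswith("+"):
        return "optimizer-hint"      # /*+ ... */ is optimizer-hint syntax
    return "inert-comment"

# Allow-list for a free-text label: no '!', '+', '*', '/' or ';' can pass.
SAFE_LABEL = re.compile(r"[A-Za-z0-9_. -]{0,64}")

def build_query(user_text: str) -> str:
    """Hardened builder: allow-listed label, always preceded by a space."""
    if not SAFE_LABEL.fullmatch(user_text):
        raise ValueError("label contains characters outside the allow-list")
    return TEMPLATE.format(user_text=" " + user_text + " ")

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the thread.
    for sample in ["INPUT", "!INPUT", " !INPUT", "+INPUT", "a */ b"]:
        print(repr(sample), "->", classify_comment_body(sample))
    print(build_query("report-42"))
```

If the value is only there for tracing, leaving it out of the statement text and logging it separately avoids the question entirely.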
|
Won't a semi-colon (;) cause that comment to end?
|
Message Closed
modified 5-Apr-21 21:01pm.
|
And what the f... is the difference between this and the post just below?
@chris-maunder can you answer that?
[Edit]
No need to answer, also the above one is closed
Pay attention to the 'body guards' of this forum 
modified 5-Apr-21 21:01pm.
|
Are you arguing with yourself?
|
Looks like
modified 5-Apr-21 21:01pm.
|
Sorry for interrupting. Carry on. 
|
Whenever I see message closed, I always wonder what was there, spam most likely, dodgy web links the mind boggles, having come across some before they stomped they are not very interesting but...
|
if (condition)
{
    return;
}
else
{
}
cheers
Chris Maunder
|
if (condition)
{
    return;
}
what about this annoys you?