Successfully reported this slideshow.
Your SlideShare is downloading. ×

SQL Injection INSERT ON DUPLICATE KEY trick

May. 09, 2016
1 like 1,341 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
NiUG 2012 Discovery Orlando: Advanced IQA
NiUG 2012 Discovery Orlando: Advanced IQA
Loading in …3
×

Check these out next

Bug Bounty - Hackers Job
Arbin Godar
Hackfest presentation.pptx
Peter Yaworski
If You Can't Beat 'Em, Join 'Em (AppSecUSA)
bugcrowd
Web Hacking With Burp Suite 101
Zack Meyers
Writing vuln reports that maximize payouts - Nullcon 2016
bugcrowd
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
Abhinav Mishra
Bug Bounty - Play For Money
Shubham Gupta
Bug Bounty Secrets
n|u - The Open Security Community
1 of 7 Ad

SQL Injection INSERT ON DUPLICATE KEY trick

May. 09, 2016
1 like 1,341 views

Download to read offline

Technology

Lightning talk I gave at SEC-T spring pub 2016, talking about how to use the "ON DUPLICATE KEY UPDATE" syntax to not only extract but also modify/add information in the database.

The example I brought up was a site that had an SQL Injection in the register page, which could be used to change the admin password without having to crack it.

Lightning talk I gave at SEC-T spring pub 2016, talking about how to use the "ON DUPLICATE KEY UPDATE" syntax to not only extract but also modify/add information in the database.

The example I brought up was a site that had an SQL Injection in the register page, which could be used to change the admin password without having to crack it.

Technology
Advertisement

Recommended

NiUG 2012 Discovery Orlando: Advanced IQA
Kye Hittle
4.5k views
58 slides
NiUG 2012 Discovery Orlando: Beginning IQA
Kye Hittle
4.6k views
98 slides
Breaking AngularJS Javascript sandbox
Mathias Karlsson
2.2k views
6 slides
Polyglot payloads in practice by avlidienbrunn at HackPra
Mathias Karlsson
14.2k views
49 slides
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
Frans Rosén
9.1k views
94 slides
Final slide by avlidienbrunn at HackPra
Mathias Karlsson
1.9k views
1 slide
CPQi presentation \
Terry Boyland
1.4k views
13 slides
Crossing Origins by Crossing Formats
internot
1.2k views
26 slides
Advertisement

More Related Content

Viewers also liked (19)

Bug Bounty - Hackers Job
Arbin Godar
1.3k views
Hackfest presentation.pptx
Peter Yaworski
3.6k views
If You Can't Beat 'Em, Join 'Em (AppSecUSA)
bugcrowd
640 views
Web Hacking With Burp Suite 101
Zack Meyers
7.9k views
Writing vuln reports that maximize payouts - Nullcon 2016
bugcrowd
2.9k views
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
Abhinav Mishra
3.7k views
Bug Bounty - Play For Money
Shubham Gupta
1.8k views
Bug Bounty Secrets
n|u - The Open Security Community
6.1k views
Bug Bounty for - Beginners
Himanshu Kumar Das
6.2k views
Bug Bounty 101
Shahee Mirza
5.5k views
Atelier competentia plan de formation 27 mars et 3 avril
Catherine Bardiau
4.5k views
Bug Bounty Hunter Methodology - Nullcon 2016
bugcrowd
12.2k views
Understanding SharePoint site structure what's inside
Benjamin Niaulin
33k views
Encontro Associados Q1 @ Banco Original
Mobile Marketing Association
472 views
Synack cirtical infrasructure webinar
Synack
858 views
[DefCon 2016] I got 99 Problems, but 
Little Snitch ain’t one!
Synack
1.4k views
Zeronights 2016 - Automating iOS blackbox security scanning
Synack
2.9k views
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
Frans Rosén
7.1k views
Time based CAPTCHA protected SQL injection through SOAP-webservice
Frans Rosén
3.8k views
Bug Bounty - Hackers Job
Arbin Godar
1.3k views
12 slides
Hackfest presentation.pptx
Peter Yaworski
3.6k views
24 slides
If You Can't Beat 'Em, Join 'Em (AppSecUSA)
bugcrowd
640 views
43 slides
Web Hacking With Burp Suite 101
Zack Meyers
7.9k views
83 slides
Writing vuln reports that maximize payouts - Nullcon 2016
bugcrowd
2.9k views
12 slides
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
Abhinav Mishra
3.7k views
25 slides

Recently uploaded (20)

U2-LP2.ppt
AJAYVISHALRP
0 views
Wearable App Development.pdf
Sanjaysharma994654
2 views
U3-PPT-1 (1).ppt
AJAYVISHALRP
0 views
PET CT-1.pptx
VanshikaGarg76
0 views
Hyperledger Blockchain Development Services
Mobiloitte Technologies
0 views
Adenovirus Delivery System.pdf
Candy Swift
0 views
The Intelligence Wars -Neopolitics of so-called ”A.I.” in the Digital Post-tr...
Bogdan Bocse
0 views
Series Routers V600R021C00.pptx
Kipsindo Kibet
0 views
LiteratureReview.ppt
shaikanjum16
1 view
OpenMP.pptx
MunimAkhtarChoudhury
0 views
Tiny Puppet Can Install Everything. Prove me wrong!
Alessandro Franceschi
0 views
SAP S_4HANA Migration Cockpit - Deep Dive LTMOM for Direct Transfer.pdf
ssuserf6d533
0 views
Food Truck Market.pdf
RushiDalve
0 views
International Journal on Soft Computing (IJSC) - h-index 24
ijsc
0 views
Building CI_CD for Mobile Development.pptx
GurzuInc
2 views
LECT_TWO.pptx
YehoshaphatJoshua
0 views
0578-computer-fundamentals.pptx
ODINARARCH
0 views
ADCC-Enhanced Antibody Development.pdf
Candy Swift
0 views
keyboard notes.pptx
mbombongafu
0 views
Top 4 Best Cross-Platform App Development Frameworks
Mobio Solutions
0 views
U2-LP2.ppt
AJAYVISHALRP
0 views
17 slides
Wearable App Development.pdf
Sanjaysharma994654
2 views
6 slides
U3-PPT-1 (1).ppt
AJAYVISHALRP
0 views
18 slides
PET CT-1.pptx
VanshikaGarg76
0 views
35 slides
Hyperledger Blockchain Development Services
Mobiloitte Technologies
0 views
2 slides
Adenovirus Delivery System.pdf
Candy Swift
0 views
14 slides
Advertisement

SQL Injection INSERT ON DUPLICATE KEY trick

  1. 1. • Login • Register • View article • Admin • Bcrypt, so couldn't get into admin panel :((
  2. 2. Hm!
  3. 3. +
  4. 4. Password of user 'admin' is now the same as password of user 'attacker'!
  5. 5. SQL Injection in INSERT is sometimes worse than SQL injection in SELECT Lightning talk by @avlidienbrunn (Mathias Karlsson)

×