Mathias Karlsson, profile picture
Uploaded byMathias Karlsson
PDF, PPTX1,475 views

SQL Injection INSERT ON DUPLICATE KEY trick

The document discusses a security issue involving a login system where an SQL injection vulnerability allows the attacker to change the admin's password to the same as that of a regular user. It references a lightning talk by Mathias Karlsson, highlighting that SQL injection during insertion can be more severe than during selection. Overall, it emphasizes the importance of securing applications against such vulnerabilities.

Embed presentation

Download as PDF, PPTX
• Login • Register • View article • Admin • Bcrypt, so couldn't get into admin panel :((
Hm!
+
Password of user 'admin' is now the same as password of user 'attacker'!
SQL Injection in INSERT is sometimes worse than SQL injection in SELECT Lightning talk by @avlidienbrunn (Mathias Karlsson)

More Related Content

PPTX
Abusing Microsoft Kerberos - Sorry you guys don't get it
byBenjamin Delpy
 
PPTX
Hunting for APT in network logs workshop presentation
byOlehLevytskyi1
 
PPTX
Become A Security Master
byChong-Kuan Chen
 
PDF
Building Advanced XSS Vectors
byRodolfo Assis (Brute)
 
PDF
Neat tricks to bypass CSRF-protection
byMikhail Egorov
 
PDF
Burp suite
byYashar Shahinzadeh
 
PPTX
Deep understanding on Cross-Site Scripting and SQL Injection
byVishal Kumar
 
PDF
Lecture #24 : Cross Site Request Forgery (CSRF)
byDr. Ramchandra Mangrulkar
 
Abusing Microsoft Kerberos - Sorry you guys don't get it
byBenjamin Delpy
 
Hunting for APT in network logs workshop presentation
byOlehLevytskyi1
 
Become A Security Master
byChong-Kuan Chen
 
Building Advanced XSS Vectors
byRodolfo Assis (Brute)
 
Neat tricks to bypass CSRF-protection
byMikhail Egorov
 
Burp suite
byYashar Shahinzadeh
 
Deep understanding on Cross-Site Scripting and SQL Injection
byVishal Kumar
 
Lecture #24 : Cross Site Request Forgery (CSRF)
byDr. Ramchandra Mangrulkar
 

What's hot

PDF
Présentation ELK/SIEM et démo Wazuh
byAurélie Henriot
 
PDF
ARM and SoC Traning Part I -- Overview
byNational Cheng Kung University
 
PPTX
Password Attack
bySina Manavi
 
PDF
Linux Komut Satırı
byKemal Demirez
 
PDF
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
byFrans Rosén
 
PPTX
Deep dive into ssrf
byn|u - The Open Security Community
 
PPTX
Waf bypassing Techniques
byAvinash Thapa
 
PDF
Practical Malware Analysis: Ch 15: Anti-Disassembly
bySam Bowne
 
PPTX
Mitre Attack - Credential Dumping - updated.pptx
bywaizuq
 
PPTX
Buffer overflow explained
byTeja Babu
 
PDF
Pwning in c++ (basic)
byAngel Boy
 
PDF
Meet cute-between-ebpf-and-tracing
byViller Hsiao
 
PDF
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
byMasato Kinugawa
 
PPTX
PSConfEU - Offensive Active Directory (With PowerShell!)
byWill Schroeder
 
PPTX
Attacking thru HTTP Host header
bySergey Belov
 
PDF
IDA ユーザなら知っておくべきマントノン侯爵夫人にモテる 7つの法則
by勇 中津留
 
PDF
Introduction to red team operations
bySunny Neo
 
KEY
DVWA BruCON Workshop
bytestuser1223
 
PDF
Security Testing with OWASP ZAP in CI/CD - Simon Bennetts - Codemotion Amster...
byCodemotion
 
PPTX
Ssrf
byIlan Mindel
 
Présentation ELK/SIEM et démo Wazuh
byAurélie Henriot
 
ARM and SoC Traning Part I -- Overview
byNational Cheng Kung University
 
Password Attack
bySina Manavi
 
Linux Komut Satırı
byKemal Demirez
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
byFrans Rosén
 
Deep dive into ssrf
byn|u - The Open Security Community
 
Waf bypassing Techniques
byAvinash Thapa
 
Practical Malware Analysis: Ch 15: Anti-Disassembly
bySam Bowne
 
Mitre Attack - Credential Dumping - updated.pptx
bywaizuq
 
Buffer overflow explained
byTeja Babu
 
Pwning in c++ (basic)
byAngel Boy
 
Meet cute-between-ebpf-and-tracing
byViller Hsiao
 
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
byMasato Kinugawa
 
PSConfEU - Offensive Active Directory (With PowerShell!)
byWill Schroeder
 
Attacking thru HTTP Host header
bySergey Belov
 
IDA ユーザなら知っておくべきマントノン侯爵夫人にモテる 7つの法則
by勇 中津留
 
Introduction to red team operations
bySunny Neo
 
DVWA BruCON Workshop
bytestuser1223
 
Security Testing with OWASP ZAP in CI/CD - Simon Bennetts - Codemotion Amster...
byCodemotion
 
Ssrf
byIlan Mindel
 

Viewers also liked

PDF
Breaking AngularJS Javascript sandbox
byMathias Karlsson
 
PDF
Polyglot payloads in practice by avlidienbrunn at HackPra
byMathias Karlsson
 
PDF
Final slide by avlidienbrunn at HackPra
byMathias Karlsson
 
PPTX
CPQi presentation \
byTerry Boyland
 
PPTX
Crossing Origins by Crossing Formats
byinternot
 
PDF
Bug Bounty - Hackers Job
byArbin Godar
 
PDF
Hackfest presentation.pptx
byPeter Yaworski
 
PDF
If You Can't Beat 'Em, Join 'Em (AppSecUSA)
bybugcrowd
 
PPTX
Web Hacking With Burp Suite 101
byZack Meyers
 
PDF
Writing vuln reports that maximize payouts - Nullcon 2016
bybugcrowd
 
PDF
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
byAbhinav Mishra
 
PPTX
Bug Bounty - Play For Money
byShubham Gupta
 
PDF
Bug Bounty Secrets
byn|u - The Open Security Community
 
PPTX
Bug Bounty for - Beginners
byHimanshu Kumar Das
 
PPTX
Bug Bounty 101
byShahee Mirza
 
PPTX
Atelier competentia plan de formation 27 mars et 3 avril
byCatherine Bardiau
 
PDF
Bug Bounty Hunter Methodology - Nullcon 2016
bybugcrowd
 
PPTX
Understanding SharePoint site structure what's inside
byBenjamin Niaulin
 
PPTX
Encontro Associados Q1 @ Banco Original
byMobile Marketing Association
 
PDF
Synack cirtical infrasructure webinar
bySynack
 
Breaking AngularJS Javascript sandbox
byMathias Karlsson
 
Polyglot payloads in practice by avlidienbrunn at HackPra
byMathias Karlsson
 
Final slide by avlidienbrunn at HackPra
byMathias Karlsson
 
CPQi presentation \
byTerry Boyland
 
Crossing Origins by Crossing Formats
byinternot
 
Bug Bounty - Hackers Job
byArbin Godar
 
Hackfest presentation.pptx
byPeter Yaworski
 
If You Can't Beat 'Em, Join 'Em (AppSecUSA)
bybugcrowd
 
Web Hacking With Burp Suite 101
byZack Meyers
 
Writing vuln reports that maximize payouts - Nullcon 2016
bybugcrowd
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
byAbhinav Mishra
 
Bug Bounty - Play For Money
byShubham Gupta
 
Bug Bounty Secrets
byn|u - The Open Security Community
 
Bug Bounty for - Beginners
byHimanshu Kumar Das
 
Bug Bounty 101
byShahee Mirza
 
Atelier competentia plan de formation 27 mars et 3 avril
byCatherine Bardiau
 
Bug Bounty Hunter Methodology - Nullcon 2016
bybugcrowd
 
Understanding SharePoint site structure what's inside
byBenjamin Niaulin
 
Encontro Associados Q1 @ Banco Original
byMobile Marketing Association
 
Synack cirtical infrasructure webinar
bySynack
 

Recently uploaded

PPTX
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
PDF
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
PDF
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
PPTX
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
PDF
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
PPTX
NTG - Data Center Management System Software
byMustafa Kuğu
 
PDF
2026_01_28 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
PDF
Agentic AI with Google ADK GDG On Campus Netaji Subhash Engineering College
bydscnsecorg
 
PDF
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
PPTX
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
PDF
Designing a Blog Using Wordpress
bymarkzubi50
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PDF
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
PDF
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
PDF
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
PDF
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
PDF
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
NTG - Data Center Management System Software
byMustafa Kuğu
 
2026_01_28 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
Agentic AI with Google ADK GDG On Campus Netaji Subhash Engineering College
bydscnsecorg
 
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
Designing a Blog Using Wordpress
bymarkzubi50
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 

SQL Injection INSERT ON DUPLICATE KEY trick