I am currently practicing SQL injection on a local host web application. In order to successfully do that, a value must be returned in the statement (by using SELECT
). I'm trying to change the password of the user:
changepwd', (UPDATE mysql.user SET authentication_string=PASSWORD('new password')
WHERE user='root' UNION SELECT authentication_string from mysql.user)) #
With SQL injection you can't use ;
. I tried UNION
in that example to see if it would work but no luck. Any other ideas i could try?
I think the answer to this question is here .
In short the answer is create a stored procedure.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.