
SQL injection on LIMIT clause

Is there any possibility to exploit a sql injection in the following query?

mysql_query("SELECT `one`, `two`, `three` FROM test LIMIT ".$vulnerablepost.",2;") or die(mysql_error());

What are the possible types of queries? Is it possible to perform a SELECT OUTFILE? Thanks

Yes it is, since the input can be manipulated or adjusted to inject wrong SQL. What if your input value looks like

$vulnerablepost = "20;delete from student_table;select 1";

You will end up with a SQL query like the one below, which is syntactically correct but will put you in trouble

SELECT `one`, `two`, `three` FROM test LIMIT 20;delete from student_table;select 1,2;

Yes it is, and you shouldn't be using that. Use PDO or Mysqli. http://php.net/manual/en/ref.pdo-mysql.php

So unless you are using an extremely old version of PHP, you should not use that function. You can even check the documentation for that page as well. http://php.net/manual/en/function.mysql-query.php

Warning
This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:
mysqli_query()
PDO::query()
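
A hardened form of the question's query, as an added example that is not part of the original question or answers: the offset is accepted only if it is digits, then bound as an integer through PDO so it never becomes SQL text. The in-memory SQLite database, the sample rows and the function names `parse_offset` and `fetch_page` are assumptions made so the snippet runs offline.

```php
<?php
declare(strict_types=1);

// Accept only 1-9 ASCII digits; anything else (signs, spaces, SQL text) is rejected.
function parse_offset(string $raw): ?int
{
    return preg_match('/^[0-9]{1,9}$/D', $raw) === 1 ? (int) $raw : null;
}

// Hardened form of the question's query: the offset never becomes SQL text.
function fetch_page(PDO $pdo, string $rawOffset): array
{
    $offset = parse_offset($rawOffset);
    if ($offset === null) {
        throw new InvalidArgumentException('offset must be a non-negative integer');
    }
    $stmt = $pdo->prepare('SELECT `one`, `two`, `three` FROM test LIMIT :off, 2');
    // PDO::PARAM_INT matters on MySQL: with emulated prepares a string-bound
    // value is quoted, and LIMIT '20', 2 is a syntax error.
    $stmt->bindValue(':off', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Assumption: in-memory SQLite stands in for MySQL so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE test (one INTEGER, two TEXT, three TEXT)');
$ins = $pdo->prepare('INSERT INTO test VALUES (?, ?, ?)');
foreach ([[1, 'a', 'x'], [2, 'b', 'y'], [3, 'c', 'z'], [4, 'd', 'w']] as $row) {
    $ins->execute($row);
}

// Constructed inputs: a valid offset, the payload from the answer above, a negative number.
$inputs = ['1', '20;delete from student_table;select 1', '-1'];
foreach ($inputs as $raw) {
    try {
        $rows = fetch_page($pdo, $raw);
        echo "offset {$raw}: " . json_encode(array_column($rows, 'one')) . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected ' . json_encode($raw) . ': ' . $e->getMessage() . PHP_EOL;
    }
}
```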
