Introduction
Most discussions of SQL injection cover extracting data with the UNION keyword or
with error-based, boolean-blind and time-based techniques. All of these apply where
the application performs a SELECT statement on the back-end database. How do we
inject into places where the application performs an INSERT, UPDATE or DELETE
statement? For example, applications use INSERT statements to store IP addresses,
user agent strings, referrer URLs and other data in the database. These statements
are also used when manipulating user accounts: creating a new password, changing
names, deleting accounts. The injection point is not limited to form input: we can
fuzz whatever the application takes as input, and if it is not properly sanitized
we can inject (assuming there are no WAFs or blacklists). This paper is based on
the MySQL error response: the web application must echo mysql_error() back to us.
More here: http://dl.packetstormsecurity.net/papers/database/SQLi_Insert.pdf
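The logging pattern described above, as an added example that is not from the paper: a request-logging INSERT built by string concatenation that echoes the database error, beside a parameterized version that returns a generic message. It assumes an in-memory SQLite database standing in for MySQL; the table, function names and sample header are hypothetical.

```python
import sqlite3

def make_db():
    # Assumption: in-memory SQLite stands in for the MySQL back end.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (ip TEXT, user_agent TEXT, referrer TEXT)")
    return db

def log_visit_vulnerable(db, ip, user_agent, referrer):
    # Header values are concatenated into the INSERT, and the raw database
    # error is handed back to the client (the mysql_error() pattern).
    sql = ("INSERT INTO visits (ip, user_agent, referrer) "
           "VALUES ('%s', '%s', '%s')" % (ip, user_agent, referrer))
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        return "DB error: %s" % exc

def log_visit_hardened(db, ip, user_agent, referrer):
    # Placeholders keep header values as data, never as SQL text.
    sql = "INSERT INTO visits (ip, user_agent, referrer) VALUES (?, ?, ?)"
    try:
        db.execute(sql, (ip, user_agent, referrer))
        return "ok"
    except sqlite3.Error:
        # Details belong in a server-side log, not in the response.
        return "internal error"

def stored_agents(db):
    return [row[0] for row in db.execute("SELECT user_agent FROM visits")]

# Constructed sample header: an ordinary apostrophe is enough to end the
# quoted string early and change how the statement parses.
SAMPLE_UA = "Mozilla/5.0 (O'Neil Browser)"

if __name__ == "__main__":
    db = make_db()
    print(log_visit_vulnerable(db, "203.0.113.5", SAMPLE_UA, "https://example.test/"))
    print(log_visit_hardened(db, "203.0.113.5", SAMPLE_UA, "https://example.test/"))
    print(stored_agents(db))
```

A response that reflects a parser error for a header value is the signal to look for in review and testing: it shows both that the value reaches the statement unescaped and that error text is exposed.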