MySQL – Page 6 – WindowsTechs.com

sqlmap is encountering 403 forbidden

Posted on June 6, 2022 by Questioner

I am trying to complete an SQL injection CTF here.
I confirmed just adding a single ‘ mark at the end of the URL caused a MySQL syntax error, and following this tutorial, I could complete this challenge without any automated tools.
Here is… Continue reading sqlmap is encountering 403 forbidden→

How to Optimize Your Database Storage in MySQL

Posted on May 23, 2022 by ghostadmin

By ghostadmin
SQL (structured query language) is a unique programming language for storing, manipulating, and retrieving data from a database.…
This is a post from HackRead.com Read the original post: How to Optimize Your Database Storage in MySQL
Continue reading How to Optimize Your Database Storage in MySQL→

SQL Injection "Error 1 – Operand should contain 1 column(s)"

Posted on May 22, 2022 by Security Researcher

I am injecting:
-35′ and updatexml(null,concat(0x3a,(0x0a,(select database()))),null)– –

and I am receiving:
Error 1 – Operand should contain 1 column(s)

Any idea how to fix this?
I am trying to get the database type.
References:

http:… Continue reading SQL Injection "Error 1 – Operand should contain 1 column(s)"→

Nessus Scan failed: 5.2 Ensure ‘file_priv’ Is Not Set to ‘Y’ for Non-Administrative Users

Posted on May 19, 2022 by James Connigan

Taking a look at the failure
Description:
The File_priv privilege found in the mysql.user table is used to allow or disallow a user from reading and writing files on the server host. Any user with the File_priv right granted has the abilit… Continue reading Nessus Scan failed: 5.2 Ensure ‘file_priv’ Is Not Set to ‘Y’ for Non-Administrative Users→

How To Create a MySQL 8 Database User With Remote Access

Posted on April 25, 2022 by Jack Wallen

At some point, you’re going to need to connect to a MySQL 8 database remotely to manage your databases. Jack Wallen shows you how to make this possible. Continue reading How To Create a MySQL 8 Database User With Remote Access→

What is the wisdom of using the ASCII function in exploit SQLi?

Posted on April 13, 2022 by Abdrrhmen

I mean, I can exploit the vulnerability using a substring function and without using an ASCII function like:
SELECT username FROM users WHERE id = 1 AND (SELECT substring(password,1,1) FROM users WHERE username = ‘admin’ ) = ‘a’;
And I ca… Continue reading What is the wisdom of using the ASCII function in exploit SQLi?→

Asking for Edit POST data Sqlmap [closed]

Posted on March 28, 2022 by Imran Niaz

it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] y
[16:14:59] [INFO] testing ‘Generic UNION query (NULL) – 1 to 10 colum… Continue reading Asking for Edit POST data Sqlmap [closed]→

How can I bypass this SQL injection?

Posted on March 25, 2022 by FishyK

Hello I am trying to bypass a SQL injection as an exercise, however, I am having quite some trouble with it. I don’t think the answer is supposed to be very difficult but I all my tries have failed so far.
You are supposed to bypass the pa… Continue reading How can I bypass this SQL injection?→

Storing encrypted data inside a JSON array in MySQL?

Posted on February 27, 2022 by JavaForAndroid

I have the following the situation: I have some data structures which look like this:
{
id: int
name: BLOB
password: VARCHAR(80)
…
}

There it is easy to store the encrypted fields in the MySQL database because I could si… Continue reading Storing encrypted data inside a JSON array in MySQL?→

How to modify a database through SQL injection UNION?

Posted on February 21, 2022 by ilich262

I need help with an sqli exercise. I used sqlmap to find a UNION vulnerability.
I managed to get the H2 version with this payload:
string’) UNION ALL SELECT NULL,H2VERSION(),NULL,NULL,NULL–

But I would like to modify the database. I tri… Continue reading How to modify a database through SQL injection UNION?→