SQL Injection on BadStore
I'm trying to excercise on BadStore, for those who don't know it's a fake online store site which can be run on VM box, and offers a lot of security vulnerabilities.
One thing i'm trying to do is to apply sql injection on the search query.
When searching for "book", for instance, we see this:
So, i'm trying to show all the store items trying to search for 1=1' --, which will result with the query of:
SELECT itemnum, sdesc, ldesc, price FROM itemdb WHERE '1=1' --' IN (itemnum,sdesc,ldesc)
however, this not giving the expected outcome as I get the following error:
Any suggestions?
You realize that -- in MySQL acts as a comment for the rest of the line?
If this is what you are trying to do, commenting out the rest of the line, then as per the MySQL documentation, you need a space after the --.
I understand you are trying out MySQL injection, so try to type your query, and then after the query type ; -- Notice that there IS a trailing space.
TL;DR
Change
'1=1' --' IN
TO
'1=1' -- ' IN
- Will modifying the primary key type using ALTER in MySQL reset the auto-increment value to 0?
- Auto-increment is not resetting in MySQL
- Php update database if checkbox is not checked
- Retrieve 10 records from MySQL?
- how to use str_to_date (MySQL) to parse two-digit year correctly
- sum column value(s) if previous values has same value with current value from the same table in mysql
- JDBC connection without database definition
- Checking connection to MySQL (Java)
- WARN: Establishing SSL connection without server's identity verification is not recommended
- how to solve django.db.utils.NotSupportedError in django
- How to make an Inner Join in django?
- Can I order by a conditional combination of fields in MySQL?
- Select from 2 tables in the last 30 days, return 0 if null/not exist
- Can't connect to local MySQL server through socket '/var/mysql/mysql.sock' (38)
- Access denied for user 'root@localhost' (using password:NO)
- Watching a table for change in MySQL?
- table is specified twice both as a target for INSERT and as separate source of data
- Python Mysql, "commands out of sync; you can't run this command now"
- Does Laravel's "soft_delete" need index on MySQL?
- How do I access a field from the main query inside a sub query in mySQL?
- Not getting unpaid or partially paid records some can help me?
- Warning: The post-install step did not complete successfully when trying to install mysql using brew in Mac OS High Sierra
- MySQL Entity Attribute Value table structure proposal
- CodeIgniter SELECT query on table with JOIN and WHERE IN a subquery
- is there a MYSQL tables schema for storing raw material, intermediate and final products?
- MySQL: Total GROUP BY WITH ROLLUP curiosity
- Problem with pip install mariadb - mariadb_config not found
- nodejs mysql memory leak on large volume of high frequency queries
- `MODIFY COLUMN` vs `CHANGE COLUMN`
- Displaying BLOB image from Mysql database into dynamic div in html