(MySQL) Injecting INSERT statements
So far, we have looked at two SQL injection vulnerabilities: one in the SELECT statement behind the login screen and one in the SELECT statement on the credit card page. However, the vulnerability can exist in any type of SQL query, and in this module we examine injection into an INSERT statement.
What is an INSERT statement?
Whereas data is read from the database with the SELECT statement, data is added to it with the INSERT statement.
The format of the INSERT statement is simple:
INSERT INTO <table name> (column names) VALUES (column values)
Let's say, for example, that we have an online banking application that records a completed transaction in its database. In this case, the application could write the amount, the recipient's IBAN, the sender's IBAN, the reference number, and the message into a table named transaction, supplying the values as follows:
INSERT INTO transaction (amount, recipient_iban, sender_iban, reference, message) VALUES (25, 'SD31RAYV75830132022610', 'AQ07SXPO99612579131812', '123', 'test')
Alternatively, if the application wants to add two rows to the database at once, it can be done as follows:
INSERT INTO transaction (amount, recipient_iban, sender_iban, reference, message) VALUES (25, 'SD31RAYV75830132022610', 'AQ07SXPO99612579131812', '123', 'test'),(100, 'SD31RAYV75830132022610', 'AQ07SXPO99612579131812', '124', 'test 2')
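To see where the injection point in such an INSERT lives, here is an added example (not part of the original module) that builds the page's transaction insert both by string concatenation and with placeholders, using Python's built-in sqlite3 as a stand-in for MySQL. The table name is double-quoted because "transaction" is a keyword in SQLite; the message value and IBANs are constructed sample data.

```python
import sqlite3

COLUMNS = "(amount, recipient_iban, sender_iban, reference, message)"

def make_db():
    # Constructed in-memory stand-in for the page's MySQL transaction table.
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "transaction" (amount INTEGER, recipient_iban TEXT, '
                 'sender_iban TEXT, reference TEXT, message TEXT)')
    return conn

def insert_unsafe(conn, amount, recipient, sender, reference, message):
    # Vulnerable pattern: values are pasted into the statement text, so the SQL
    # parser treats every quote and comma in the user's input as SQL grammar.
    sql = (f'INSERT INTO "transaction" {COLUMNS} VALUES '
           f"({amount}, '{recipient}', '{sender}', '{reference}', '{message}')")
    conn.execute(sql)

def insert_safe(conn, amount, recipient, sender, reference, message):
    # Hardened form: placeholders keep the values out of the SQL text entirely.
    conn.execute(f'INSERT INTO "transaction" {COLUMNS} VALUES (?, ?, ?, ?, ?)',
                 (amount, recipient, sender, reference, message))

def insert_safe_many(conn, rows):
    # The page's two-row VALUES list, done as one parameterised statement run
    # per row instead of a hand-built VALUES (...),(...) string.
    conn.executemany(f'INSERT INTO "transaction" {COLUMNS} VALUES (?, ?, ?, ?, ?)', rows)

def row_count(conn):
    return conn.execute('SELECT COUNT(*) FROM "transaction"').fetchone()[0]

def messages(conn):
    return [r[0] for r in conn.execute('SELECT message FROM "transaction" ORDER BY rowid')]

def demo():
    conn = make_db()
    msg = "O'Brien's rent"  # constructed: a legitimate message that contains apostrophes
    try:
        insert_unsafe(conn, 25, "SD31RAYV75830132022610", "AQ07SXPO99612579131812", "123", msg)
        unsafe_outcome = "inserted"
    except sqlite3.OperationalError as exc:
        # The apostrophe closed the string literal early: the input was parsed as SQL.
        unsafe_outcome = f"syntax error: {exc}"
    insert_safe(conn, 25, "SD31RAYV75830132022610", "AQ07SXPO99612579131812", "123", msg)
    insert_safe_many(conn, [
        (25, "SD31RAYV75830132022610", "AQ07SXPO99612579131812", "123", "test"),
        (100, "SD31RAYV75830132022610", "AQ07SXPO99612579131812", "124", "test 2"),
    ])
    return unsafe_outcome, row_count(conn), messages(conn)

if __name__ == "__main__":
    print(demo())
```

The concatenated version fails on an ordinary apostrophe, which is the same symptom a tester looks for; the parameterised version stores the message verbatim.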