(MySQL) Injecting UPDATE statements
In this module, we will familiarize ourselves with the UPDATE statement and SQL injections, which can occur within it!
UPDATE statement
Whereas with the SELECT statement, rows are retrieved from the database and with the INSERT statement, rows are added to it, the UPDATE statement modifies rows that have already been added to the database with an INSERT statement.
The format of the UPDATE statement is as follows:

    UPDATE table SET column=value, possibly_other_column=other_value WHERE conditions

So if we want to update the price of all cars with the brand Ferrari to 50000, we could run the following query:

    UPDATE cars SET price=50000 WHERE brand='Ferrari'

When injecting into an UPDATE statement, the same subquery technique can be used as with INSERT statements. However, let's take a different approach for the sake of variation; instead of trying to reveal the admin user's password, let's try to make ourselves an admin user.
Open the exercise task and go to the user account page and update your information. Then try to find a vulnerability and update your information so that you can set the value of the admin field to True. However, be careful not to lose the id limit of the WHERE clause, otherwise you might accidentally update your information for every user!
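Why this class of bug exists and how it is closed, as an added example that is not part of the original page or the exercise's code: a string-built UPDATE next to a parameterized one that also checks the affected row count. The `users` table, its columns, the function names and the input string are hypothetical, and Python's `sqlite3` stands in for MySQL so the example runs offline.

```python
import sqlite3

def make_db():
    # Hypothetical schema; an in-memory SQLite database stands in for MySQL.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, "
               "admin INTEGER DEFAULT 0)")
    db.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                   [(1, "alice"), (2, "bob")])
    db.commit()
    return db

def update_name_vulnerable(db, user_id, name):
    # The value is pasted into the SET clause, so a quote inside `name`
    # ends the string literal and the remainder is parsed as SQL.
    db.execute(f"UPDATE users SET name='{name}' WHERE id={int(user_id)}")
    db.commit()

def update_name_safe(db, user_id, name):
    # Placeholders keep `name` as data; the statement text never changes.
    cur = db.execute("UPDATE users SET name=? WHERE id=?", (name, user_id))
    # A profile update must touch exactly one row. Any other count means
    # the WHERE clause did not restrict the update as intended.
    if cur.rowcount != 1:
        db.rollback()
        raise RuntimeError(f"expected 1 row, touched {cur.rowcount}")
    db.commit()

def admin_flags(db):
    # Map of user id -> admin flag, to compare state after each update.
    return dict(db.execute("SELECT id, admin FROM users"))

def demo():
    hostile = "mallory', admin='1"  # constructed input for this example
    vuln_db = make_db()
    update_name_vulnerable(vuln_db, 2, hostile)
    safe_db = make_db()
    update_name_safe(safe_db, 2, hostile)
    stored = safe_db.execute("SELECT name FROM users WHERE id=2").fetchone()[0]
    return admin_flags(vuln_db), admin_flags(safe_db), stored

if __name__ == "__main__":
    vuln, safe, stored = demo()
    print("string-built :", vuln)
    print("parameterized:", safe, "| stored name:", repr(stored))
```

With the parameterized form the whole input, quote included, ends up in the `name` column and the `admin` column keeps its value.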