mysql's questions - English 1answer

395 mysql questions.

I'm writing a little program that stores passwords in Python. I access the DB with the MySQLdb module. I want to encrypt the password with AES 256 with CBC. I'm trying to do this with SQL AES_ENCRYPT ...

The web app is a sample vulnerable one, and it's quite simple, yet I can't craft a suitable payload. Here is the code: <?php $UA = $_SERVER['HTTP_USER_AGENT'] $DB_USER = "user"; $DB_PASS = "p@ss"; ...

I'm a developer and I'm creating a script to interface with game servers to update player stats. I was sending a POST request with multipart form data and on the last boundary accidentally had the ...

I'm starting with the use of sqlmap and I have the OWASP broken WebApp on VMWare. I was trying to perform the --os-shell command to get access to OWASP VMware with this: # sqlmap -r user.request -D ...

I happened to inject a ' in the email field and used the same username which I have registered before and it gave me a 500 Internal error as IntegrityError: (_mysql_exceptions.IntegrityError) (1062,......

I'm trying to blackbox pentest a website, the URL has the form http://example.com/a/[integer_value]/something_else When trying to change [integer_value] to quotes (double and single), characters. It ...

I can try some SQL injection against an ad-hoc damn web application in my virtual environment for educational purposes. In one of these I obtain the table column_privileges (of MySQL Information schema) ...

I recently came across a virtual machine that has blind SQL injection in the X-Forwarded-For header. I used sleep() to detect the vulnerability. The payload worked in HTTP/1.0 and not in HTTP/1.1. ...

This is a repost, because I accidentally posted on Stack Overflow first. I was wondering how I could achieve a high security level, using Client-Server Authentication. Below is a rough draft of what I ...

I'm making an app whose functionality includes creating a database and its user. This is accomplished like so: mysql -e "grant all on database.* to 'user'@'localhost' identified by '$PW';" $PW is ...

I am using Security Shepherd as a training tool and I am now in the challenge SQL Injection Escaping Challenge. The challenge is as can be seen below: When I make a query just like the one above (...

What would these hashes be in the query? How can I generate them? http://www.example.com?id=-29/!50000UNION/ /!50000SELECT/ 1,2,...

Why am I asking? I am very new to cryptography (so please be patient with me...) and I want to avoid making unnecessary mistakes. I did a lot of research, but - other than with most other programming ...

I managed to find a vulnerability in a so-called friend of mine's website and I want to show him that his website is vulnerable to data extraction. When I use something like yes')-- as post I get the ...

Let's say there's a simple website hosted on the web, based on Flask + MySQL. The website's functionality is secure and does not allow arbitrary queries to be run against the database. However, let's ...

I know that filtering bad keyword is not a good approach to preventing SQL injection. However, when I couldn't answer why this is not a good approach, here is my rule: 1) When I see ;, I make it to '...

I created an ecommerce site with a developer. He completed almost all his work but in the end we had some financial disagreements so our partnership ended in a bitter dispute. That developer threatened ...

My server was hit by the following SQL injection payload:- ((/*!12345sELecT*/(@)from(/*!12345sELecT*/(@:=0x00),(/*!12345sELecT*/(@)from(`InFoRMAtiON_sCHeMa`.`ColUMNs`)where(`TAblE_sCHemA`=DatAbAsE/*...

In readiness for the new GDPR legislation that is coming in on May 25th, I am trying to understand what pseudonymization means in the context of web development. The info I've read infers that it is ...

The user input of a given query is being sanitized (PHP, real_escape_string), yet the query fails with "Illegal mix of collations". This query is below: SELECT * FROM `table` WHERE `column` = "�½��ļ��...

I wish to encrypt/decrypt data in my MySQL database stored on my server. I use a salted hash for my passwords. All encryption/decryption would occur on the server. I use PHP end points which my remote ...

MariaDB [(none)]> SET @key_str = SHA2('Is it secure?',512); Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> SET @crypt_str = AES_ENCRYPT('cleartext',@key_str); Query OK, 0 rows affected (...

I am a pentesting n00b, working my way through vulnhub VMs. I am stuck trying to figure out how to make portforwarding work with a mysql instance bound to address of 127.0.0.1. Can someone give me ...

I am taking a course in penetration testing and I was provided with a virtual environment to pen test. I was provided with a VPN for my CC server and I am able to ping the host which was found to run ...

$result = $db->query('SELECT * FROM USERS WHERE password="'.$_GET['password'].'"'); if($result->fetchArray()) $step1=true; $result = $db->query('SELECT * FROM USERS WHERE password=\''.$_GET['...

I am wondering, what is more secure to access a database in MySQL: directly via Java application (DriverManager.getConnection) send information from Java App to Apache Kafka, then read it out in ...

A website of my client was compromised by a person claiming he/she has now access to the database. From the fact that this person sent an email saying "contact me and I will tell you where the hole is"...

We currently have two EC2 instances and an RDS instance. Both an EC2 instance and the RDS instance are hosted on AWS in the same region. However, the second EC2 instance is in a different region. ...

Maybe I am not very clear about the stored procedure. Can someone explain to me how a stored procedure prevents SQL injection, with a simple example using MySQL?

I recently had a conversation with a friend in which I told him that everything written on Facebook can be seen by the Facebook admin staff. As a software engineer and database administrator I know ...

I was able to find an article that mentions that SQL injection can be done to SQL code in the following scenarios where stored procedures are involved: EXEC statements Dynamic Cursors Assuming SQLi ...

How do I securely save PHP objects in a MySQL Database? If you use the serialize and unserialize functions, you may end up with Object Injections. Is there a predefined standard on how to handle this? ...

This is my php code: $uname = $_POST['username']; $pwd = md5($_POST['password']); $sql = "SELECT * FROM `user` WHERE username = '$uname' AND password = '$pwd'"; My friend gave me this code but I’d ...

I can't get to upload the stager file on the OWASP BWA document root (/var/wwww/WackoPicko/users). I am not sure how to troubleshoot this error. root kali:~# sqlmap -u "http://x.x.x.x/WackoPicko/...

I'm practicing SQL injection on a test bed where the OR and AND keywords are blacklisted. Using logical operators such as || and &&, I'm able to proceed. However when trying the query below, ...

On my Linux system, I always use a configuration file to log in to MySQL servers without having to enter my password every time. These files include the username and password. I have to encrypt this ...

I have discovered the credentials of a website database. I've tried to access the database from SQLMap (which claims that you can access the SQL database from external sources) but in the meantime, ...

I've found a whole lot of SQL injection exploits in some systems I maintain. I know how to prevent the injection, but I would like to demonstrate to my CEO and CTO how dangerous it is if we don't have ...

I'd like to encrypt IP addresses in my MySQL database, with the following constraints: Does not need to be resistant to attackers that can execute queries. Must be resistant to attackers that have ...

I looked around everywhere and I can't find the answer to my question. I'm using the latest PHP for server-side scripting and MySQL for my database. The character set is utf8mb4 if that makes a ...

I am practicing error-based SQL injection but there isn't any good reference for it. For example: mysql> select count(*),floor(rand()*2) as a from users group by a; ERROR 1062 (23000): ...

I created an online store for a friend of mine. I created a system that shoots me an email any time there is a database error, that way if it is a bug in my code I can identify it and fix it. The ...

I am setting up a new MySQL server in the office. The client app, connecting from the same LAN, is now in beta testing. So I can still change authentication system and other stuff there. Currently I ...

I am not sure if there is a good way to do this. Currently I have a website that users log into. In that website there are pages that have API calls to another service, this service uses: ...

I'm studying infosec, starting to make my way through some of the online wargames out there. Have recently been working on Natas by OverTheWire (http://overthewire.org/wargames/natas/) and it's been ...

I want to know the table name and column names of that table in website login page. How should I do that. There are only two input fields, Username and Password. And it is vulnerable to Sql ...

Regardless of the format of encryption, what is the best way to store an encryption key on an AWS EC2 server? I am storing encrypted information in a MySQL database and my cryptography key is stored ...

I am building a project that requires users to be authenticated to access it. I was planning on using MySQL as a database and running PHP scripts on the client to fetch user data. E.g. SELECT * from ...

To give a quick background, we need to implement a solution where we can guarantee that information is stored encrypted. Access to the encryption data will only be possible through an application that ...

I've run across a dilemma with PAM RADIUS authentication for the database layer. In our environment, the OS login authenticates via PAM to a RADIUS server which accepts a token code and authenticates ...
