mysql's questions - English 1answer

402 mysql questions.

I apologize if this is a dumb question. I recently came across a website that embedded its error log out in a JSON response if the request to the website failed. In this case, it appeared there was a ...

I tried to manually SQL inject using DIOS (Dump in One Shot): make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@) But the WAF ...

Why am I asking? I am very new to cryptography (so please be patient with me...) and I want to avoid making unnecessary mistakes. I did a lot of research, but - other than with most other programming ...

Before you start suggesting how to encrypt and decrypt text in PHP: please, that is not my question. On my platform, the user writes notes. Small notes. And I store them in a MySQL database using encryption. ...

I wish to encrypt/decrypt data in my MySQL database stored on my server. I use a salted hash for my passwords. All encryption/decryption would occur on the server. I use PHP endpoints which my remote ...

Using direct variables is vulnerable to sql injection. So to prevent attacks we use parameters. $result->bindParam(":id",$_POST['id'],PDO::PARAM_INT) but I am confused regarding the following ...

I can try some SQL injection against an ad-hoc damn web application in my virtual environment for educational purposes. In one of these I obtain the table column_privileges (of the MySQL information schema) ...

This is a repost, because I accidentally posted on Stack Overflow first. I was wondering how I could achieve a high security level using client-server authentication. Below is a rough draft of what I ...

I'm making an app whose functionality includes creating a database and its user. This is accomplished like so: mysql -e "grant all on database.* to 'user'@'localhost' identified by '$PW';" $PW is ...

In MySQL there are builtin AES_ENCRYPT() and AES_DECRYPT() functions which take the form of: AES_ENCRYPT(str, key_str) What length is required for the key_str argument? Can it be variable? What is ...

I am using Security Shepherd as a training tool and I am now in the SQL Injection Escaping Challenge. The challenge can be seen below: When I make a query just like the one above (...

I've heard the eval() function is vulnerable to SQLi. Can I check for vulnerabilities by simply viewing the website source code?

I managed to find a vulnerability in a so-called friend of mine's website and I want to show him that his website is vulnerable to data extraction. When I use something like yes')-- as post I get the ...

We are 1-3 guys maintaining a fairly large but clumsy developed-in-house website. With around 900+ mysql tables, and a lot of data access code in PHP. Let's say it is huge amount of code for just 1 or ...

The web app is a sample vulnerable one, and it's quite simple, yet I can't craft a suitable payload. Here is the code: <?php $UA = $_SERVER['HTTP_USER_AGENT'] $DB_USER = "user"; $DB_PASS = "p@ss"; ...

Our website is 100% API based (with an SPA client). Recently, a hacker managed to get our admin's password (hashed with SHA-256) through SQL injection (and cracking pwd) like this: https://example....

Having MySQL using auth_socket as default authentication mechanism for the root user scares me, so I change it to password authentication with rigid controls on password quality and documentation. If ...

I'm trying to test SQL injection on a site (PHP, uses MySQL Database). When I put an apostrophe in the username field and leave the password box blank, after submitting, the form reloads and the ...

I'm a developer and I'm creating a script to interface with game servers to update player stats. I was sending a POST request with multipart form data and on the last boundary accidentally had the ...

I'm trying to blackbox pentest a website, the URL has the form http://example.com/a/[integer_value]/something_else When trying to change [integer_value] to quotes (double and single), characters. It ...

I recently came across a virtual machine that has blind SQL injection in the X-Forwarded-For header. I used sleep() to detect the vulnerability. The payload worked in HTTP/1.0 and not in HTTP/1.1. ...

What would these hashes be in the query? How can I generate them? http://www.example.com?id=-29/!50000UNION/ /!50000SELECT/ 1,2,...

Let's say there's a simple website hosted on the web, based on Flask + MySQL. The website's functionality is secure and does not allow arbitrary queries to be run against the database. However, let's ...

I know that filtering bad keywords is not a good approach to preventing SQL injection. However, when I couldn't answer why this is not a good approach, here is my rule: 1) When I see ;, I make it to '...

I created an e-commerce site with a developer. He completed almost all his work, but in the end we had some financial disagreements, so our partnership ended in a bitter dispute. That developer threatened ...

My server was hit by the following SQL injection payload:- ((/*!12345sELecT*/(@)from(/*!12345sELecT*/(@:=0x00),(/*!12345sELecT*/(@)from(`InFoRMAtiON_sCHeMa`.`ColUMNs`)where(`TAblE_sCHemA`=DatAbAsE/*...

In readiness for the new GDPR legislation that is coming in on May 25th, I am trying to understand what pseudonymization means in the context of web development. The info I've read infers that it is ...

The user input of a given query is being sanitized (PHP, real_escape_string), yet the query fails with "Illegal mix of collations". This query is below: SELECT * FROM `table` WHERE `column` = "�½��ļ��...

MariaDB [(none)]> SET @key_str = SHA2('Is it secure?',512); Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> SET @crypt_str = AES_ENCRYPT('cleartext',@key_str); Query OK, 0 rows affected (...

I am a pentesting n00b, working my way through vulnhub VMs. I am stuck trying to figure out how to make port forwarding work with a MySQL instance bound to the address 127.0.0.1. Can someone give me ...

I am taking a course in penetration testing and I was provided with a virtual environment to pen test. I was provided with a VPN for my CC server and I am able to ping the host which was found to run ...

$result = $db->query('SELECT * FROM USERS WHERE password="'.$_GET['password'].'"'); if($result->fetchArray()) $step1=true; $result = $db->query('SELECT * FROM USERS WHERE password=\''.$_GET['...

I am wondering, what is more secure to access a database in MySQL: directly via Java application (DriverManager.getConnection) send information from Java App to Apache Kafka, then read it out in ...

A website of my client was compromised by a person claiming he/she has now access to the database. From the fact that this person sent an email saying "contact me and I will tell you where the hole is"...

We currently have two EC2 instances and an RDS instance. Both an EC2 instance and the RDS instance are hosted on AWS in the same region. However, the second EC2 instance is in a different region. ...

Maybe I am not very clear about stored procedures. Can someone explain to me how a stored procedure prevents SQL injection, with a simple example using MySQL?

I recently had a conversation with a friend in which I told him that everything written on Facebook can be seen by the Facebook admin staff. As a software engineer and database administrator I know ...

I was able to find an article that mentions that SQL injection can be done to SQL code in the following scenarios where stored procedures are involved: (1) EXEC statements, (2) dynamic cursors. Assuming SQLi ...

How do I securely save PHP objects in a MySQL Database? If you use the serialize and unserialize functions, you may end up with Object Injections. Is there a predefined standard on how to handle this? ...

This is my php code: $uname = $_POST['username']; $pwd = md5($_POST['password']); $sql = "SELECT * FROM `user` WHERE username = '$uname' AND password = '$pwd'"; My friend gave me this code but I’d ...

I can't get to upload the stager file on the OWASP BWA document root (/var/wwww/WackoPicko/users). I am not sure how to troubleshoot this error. root kali:~# sqlmap -u "http://x.x.x.x/WackoPicko/...

I'm practicing SQL injection on a test bed where the OR and AND keywords are blacklisted. Using logical operators such as || and &&, I'm able to proceed. However when trying the query below, ...

On my Linux system, I always use a configuration file to log in to MySQL servers without having to enter my password every time. These files include the username and password. I have to encrypt this ...

I have discovered the credentials of a website database. I've tried to access the database from SQLMap (which claims that you can access the SQL database from external sources) but in the meantime, ...

I've found a whole lot of SQL injection exploits in some systems I maintain. I know how to prevent the injection, but I would like to demonstrate to my CEO and CTO how dangerous it is if we don't have ...

I'd like to encrypt IP addresses in my MySQL database, with the following constraints: Does not need to be resistant to attackers that can execute queries. Must be resistant to attackers that have ...

I looked around everywhere and I can't find the answer to my question. I'm using the latest PHP for server-side scripting and MySQL for my database. The character set is utf8mb4 if that makes a ...

I am practicing error-based SQL injection, but there isn't any good reference for it. For example: mysql> select count(*),floor(rand()*2) as a from users group by a; ERROR 1062 (23000): ...

I created an online store for a friend of mine. I created a system that shoots me an email any time there is a database error, that way if it is a bug in my code I can identify it and fix it. The ...

I am setting up a new MySQL server in the office. The client app, connecting from the same LAN, is now in beta testing. So I can still change authentication system and other stuff there. Currently I ...
