Metasploit mailing list archives
Slight offtopic - manipulating db when multiple statments per execution not supported
From: konrads.smelkovs at gmail.com (Konrads Smelkovs)
Date: Fri, 7 Dec 2007 13:03:46 +0100
Hi, Sorry for offtopic, but perhaps folks here would know. I am pentesting an application which is vulnerable to SQL Injection attacks. However, the DB driver which the application uses apparently does not support multiple statements per execution: I can't do select * from bar where baz='XXX'; update .... -- What tricks are there to overcome this? UNION is one, but it only works for SELECT statements and I can't execute insert, update, delete statements. The DB is Informix 7 -- Konrads Smelkovs Applied IT sorcery. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20071207/1d3bb98c/attachment.htm>
Current thread:
- Slight offtopic - manipulating db when multiple statments per execution not supported Konrads Smelkovs (Dec 07)