I need this query for testing exception handling, so I would prefer that the query is not schema-dependent. I am looking for something like SELECT 1; but of course that doesn't fail.
I am using Java and MySQL, but I hope to find answers that don't depend on programming languages and/or RDBMSs.
What about "SELECT 1/0" for starters?
You could put an invalid token into the query
select doesnotexist.* from something_else
Or of course, what you should do is mock out the method and have it throw the exception during your test.
There are tons of ways to make a query fail, like misspelling a field, or selecting from non-existent tables. For example:
SELECT some_fake_field FROM table_that_doesnt_exists
One way to trigger a failure is to call a stored procedure with the wrong number of parameters. Another similar idea is to write an update/insert statement with the wrong number of arguments...
More ideas here:
How to raise an error within a MySQL function
Any old syntax error will do... like an unterminated string
select 'bob
To get 1/0 to raise an error in MySQL, you need to set sql_mode to ERROR_FOR_DIVISION_BY_ZERO.
Try this:
SET sql_mode = 'ERROR_FOR_DIVISION_BY_ZERO';
SELECT 1/0;
If this sql_mode isn't set, MySQL will return a NULL instead of an error.
You can check what your current settings are with the following:
SELECT @@GLOBAL.sql_mode;
SELECT @@SESSION.sql_mode;
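As an added example (not code from any of the answers above), here is a MySQL session script that puts the suggestions together: it inspects sql_mode first, shows that on MySQL 5.7 and later a bare SELECT 1/0 still returns NULL with a warning even with ERROR_FOR_DIVISION_BY_ZERO and strict mode set (the error is raised only from a data-changing statement), and then lists statements that fail regardless of schema. The names div_probe and no_such_table_for_test and the SIGNAL message are constructed for the example.

```sql
-- Added example, not code from the original answers. Assumes a MySQL 5.7+ session
-- with a default database selected (USE somedb), otherwise the table probe
-- reports "No database selected" (1046) instead of "Table doesn't exist".

-- Inspect the current modes before changing them.
SELECT @@GLOBAL.sql_mode, @@SESSION.sql_mode;

-- Division by zero only errors when ERROR_FOR_DIVISION_BY_ZERO is combined with a
-- strict mode, and even then only in a data-changing statement. Note that SET
-- replaces the whole mode list; append to @@SESSION.sql_mode in real code.
SET SESSION sql_mode = 'STRICT_ALL_TABLES,ERROR_FOR_DIVISION_BY_ZERO';
SELECT 1/0;                           -- still NULL: a SELECT only warns
SHOW WARNINGS;                        -- Warning 1365: Division by 0
CREATE TEMPORARY TABLE div_probe (v INT);
INSERT INTO div_probe VALUES (1/0);   -- ERROR 1365 (22012): Division by 0

-- Schema-independent failures: none of these touch a real table.
SELECT 1 FROM no_such_table_for_test;   -- ERROR 1146 (42S02): Table ... doesn't exist
SIGNAL SQLSTATE '45000'
    SET MESSAGE_TEXT = 'forced failure for exception-handling test';
                                        -- ERROR 1644 (45000): forced failure ...

-- Keep this one last when pasting into a script: the open quote swallows
-- everything that follows it until the next quote.
SELECT 'bob;                            -- ERROR 1064 (42000): syntax error
```

SIGNAL is the cleanest choice for a test fixture: it raises a deterministic error code and message, needs no table, and does not depend on sql_mode, whereas the division-by-zero route behaves differently across MySQL versions and strict settings.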
I am testing out a blind boolean SQL injection endpoint in a course and am having some issues figuring out where my payload is going wrong.
I have tested the below in the mysql shell on the target box and it works.
GRANT/**/ALL/**/ON/**/*.*/**/TO/**/root@localhost;
But when I submit it in the q GET param I am getting an error in the application.
php?q=off')/**/or/**/GRANT/**/ALL/**/ON/**/*.*/**/TO/**/root@localhost%23
I tested a basic boolean statement with '1'='1' instead and it works fine so I am assuming there is something wrong with my actual query in the context of the URL.
q=off')/**/or/**/'1'='1'%23
I have tried the payload URL-encoded as well, but still with the same issues.
Any idea what might be causing this?
Using SQL injection to combine a partial expression like OR '1'='1' as part of some other query works because there are many ways to append extra expression syntax to an existing SQL query that already has a WHERE clause.
For example, it's easy to see in the below example how the additional expression can be appended to the first query, and it's still a legal expression.
SELECT * FROM mytable WHERE col1 = 'off'
SELECT * FROM mytable WHERE col1 = 'off' OR '1'='1' -- '
But GRANT is a statement on its own. It cannot be appended to another query like that. There's no way to combine GRANT with a SELECT statement.
SELECT * FROM mytable WHERE col1 = 'off' OR GRANT ALL ON *.* TO ...
That's just not a legal SQL query. You can study the online syntax reference for SELECT and other types of statements.
SQL injection works by tricking the app into executing one SQL statement with different syntax than the original intended SQL statement. But it can't make invalid syntax work!
MySQL gives me a syntax error for a simple query, but I don't see any error in it. If you guys find any, please help.
insert into cast(sid,celeb_id,type,name,prior)
values(30,1,1,'James Keziah Delaney',2)
It gives an SQL syntax error near cast.
The main cause of this error is that there is a function CAST() in MySQL.
Your statement looks like a call to the CAST() function.
You can choose one of these solutions to solve it.
Add backticks (`) around the cast table name, like this:
insert into `cast`(sid,celeb_id,type,name,prior) values(30,1,1,'James Keziah Delaney',2)
sqlfiddle
Add a space between cast and ( to let MySQL know you didn't want to call the CAST() function. Thanks to @Barmar for the reminder.
Note:
I would suggest you don't name a table after a keyword or a function name.
You can't insert into cast(). It requires a list of column names.
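As an added example (not code from the question or the answers), the full round trip for a table whose name collides with a built-in function: creating it with a quoted identifier, the failing and working INSERT forms, and the standard-SQL double-quote alternative that ANSI_QUOTES enables. The column definitions are constructed to match the poster's INSERT; the second row is made up.

```sql
-- Added example, not the poster's code. Assumes MySQL.
CREATE TABLE `cast` (
  sid      INT PRIMARY KEY,
  celeb_id INT,
  type     INT,
  name     VARCHAR(100),
  prior    INT
);

-- Fails with ERROR 1064: "cast(" is parsed as a call to the CAST() function,
-- so the parser expects an expression, not a column list.
-- INSERT INTO cast(sid, celeb_id, type, name, prior)
--   VALUES (30, 1, 1, 'James Keziah Delaney', 2);

-- Works: backticks force the parser to read cast as an identifier.
INSERT INTO `cast` (sid, celeb_id, type, name, prior)
  VALUES (30, 1, 1, 'James Keziah Delaney', 2);

-- Standard-SQL spelling: with ANSI_QUOTES, double quotes delimit identifiers,
-- which also runs unchanged on PostgreSQL and SQL Server. SET replaces the
-- session's mode list, so append to @@SESSION.sql_mode in real code.
SET SESSION sql_mode = 'ANSI_QUOTES';
INSERT INTO "cast" (sid, celeb_id, type, name, prior)
  VALUES (31, 1, 1, 'Zilpha Geary', 2);

SELECT * FROM `cast` ORDER BY sid;   -- two rows
```

Quoting the identifier at every reference, including CREATE TABLE, is the only fix that does not depend on the server's whitespace handling; the "add a space" workaround breaks as soon as IGNORE_SPACE is in sql_mode.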
I cannot figure out (not sure what the error codes mean) what is wrong with the SQL statement below, and I do not have enough experience to troubleshoot it. Thank you :).
UPDATE `dbo.Custom_PrimerSet`
SET `Hyperlink` = replace(Hyperlink, 'xxxx', 'pxlence')
Error
Error in table name or view name in UPDATE clause.
Error in set list in UPDATE clause.
Incomplete SET clause.
Unable to parse query text.
You use both Hyperlink and `Hyperlink`. If you make those consistent and correct, does it work out better?
Correct in this case being to omit the quotes in the update statement. At least that's what works for me in a sqlfiddle.
In MySQL the query below executes properly.
SELECT * FROM <Table-name> WHERE (Table.ID LIKE '1%')
But when I try to execute the above query in Postgres, I get the following exception:
"org.postgresql.util.PSQLException: ERROR: operator does not exist: integer ~~ unknown Hint: No operator matches the given name and argument type(s). You might need to add explicit type casts".
If I convert the same query to
SELECT *
FROM <Table-name>
WHERE CAST(Table.ID as TEXT) LIKE '1%'
This gets executed directly in the Postgres DB. But I need some way to make the DB type-cast implicitly, which would allow me to execute the MySQL query without any exception, because I remember there is a way to get an implicit integer-to-boolean cast.
Thanks in advance.
If you search this site with [postgresql] explicit type casts you will get enough information to solve your problem.
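As an added example (not code from the question or the answer), the two ways to get the MySQL query past PostgreSQL's operator resolution: the explicit cast, which is portable, and a database-wide implicit cast created with CREATE CAST ... WITH INOUT AS IMPLICIT, which is what "implicit type cast in DB" amounts to. The table mytable and its rows are constructed for the example; the implicit cast needs ownership of the built-in types (in practice a superuser) and affects every query in the database, which is why the block drops it again.

```sql
-- Added example, not code from the original thread. PostgreSQL.
CREATE TEMP TABLE mytable (id integer PRIMARY KEY, label text);
INSERT INTO mytable VALUES (1, 'one'), (12, 'twelve'), (21, 'twenty-one');

-- The MySQL form fails: LIKE (the ~~ operator) is defined for text operands
-- and PostgreSQL refuses to coerce integer to text on its own.
-- SELECT * FROM mytable WHERE id LIKE '1%';
-- ERROR:  operator does not exist: integer ~~ unknown

-- Portable fix: cast explicitly. Runs unchanged on PostgreSQL and MySQL.
SELECT * FROM mytable WHERE CAST(id AS TEXT) LIKE '1%';   -- ids 1 and 12
-- PostgreSQL shorthand for the same cast.
SELECT * FROM mytable WHERE id::text LIKE '1%';

-- "Implicit cast in the DB": register integer -> text as an implicit cast
-- that reuses the types' text I/O conversion.
CREATE CAST (integer AS text) WITH INOUT AS IMPLICIT;
SELECT * FROM mytable WHERE id LIKE '1%';                 -- resolves to text ~~ text

-- The cast is database-wide, not session-local: every expression mixing
-- integer and text now has an extra candidate resolution, which can turn
-- previously unambiguous operator lookups into "operator is not unique" errors.
DROP CAST (integer AS text);
```

The explicit cast is the safer choice: it keeps the type decision visible in the query, while the implicit cast changes resolution behaviour for all users and applications sharing the database.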
I'm a little confused on how (if it's at all possible) to set a local variable from the result of an SQL return statement. I know the SQL statement should only return one value, because currently I'm just testing my database with various inputs, and the type it should return is an integer. I know in PL/SQL I would just essentially do this:
select buildID into locvar
from loc
where...
Any help would be greatly appreciated.
Thanks.
If you have a stored procedure with the return statement in it, you can execute the stored procedure like so to get the return code into a local variable:
DECLARE @localvariable int;
EXECUTE @localvariable = [database].[dbo].[storedprocedure];
Whatever the return statement in the sproc returns should populate into the variable. I have never tried it in a statement block, not sure if it is possible. A few minutes of research didn't turn anything up. If nobody else comes in with an answer, I will do more research tomorrow.
Edited to ask, are you just trying to learn how to set a variable? There are many ways. Very similar to the example you gave, you just don't really use return in that instance.
Ah, I just figured it out. It turns out the way I tried doing it previously, which was
DECLARE @test int;
SELECT @test=[buildingId]
FROM Location
WHERE postalCode='M6N 1K5';
actually was the correct syntax; it was my conversion to a varchar that was causing the issue.
Anyway, thanks for the help, Sean. I hope my answer benefits you as it benefited me.
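As an added example (not code from the thread), the two T-SQL assignment forms side by side, with the edge cases the posts above don't cover: what each does when the SELECT returns no rows or more than one row. The table variable @Location and its rows are constructed for the example; the column names follow the poster's query.

```sql
-- Added example, not code from the thread. T-SQL (SQL Server 2008+).
DECLARE @Location TABLE (buildingId int, postalCode varchar(10));
INSERT INTO @Location VALUES (7, 'M6N 1K5'), (8, 'M5V 2T6'), (9, 'M5V 2T6');

-- Form 1: SELECT assignment, the form the original poster ended up with.
DECLARE @test int = -1;
SELECT @test = buildingId FROM @Location WHERE postalCode = 'M6N 1K5';
SELECT @test AS one_row;            -- 7

-- No match: SELECT assignment leaves the variable untouched (still -1, not NULL),
-- so a stale value can silently survive into later logic.
SET @test = -1;
SELECT @test = buildingId FROM @Location WHERE postalCode = 'NOPE';
SELECT @test AS no_rows;            -- -1

-- Several matches: SELECT assignment keeps whichever row was processed last,
-- with no error and no guaranteed order.
SELECT @test = buildingId FROM @Location WHERE postalCode = 'M5V 2T6';
SELECT @test AS many_rows;          -- 8 or 9

-- Form 2: SET with a scalar subquery. No match yields NULL, and several matches
-- raise error 512 instead of picking one, which is usually what you want when
-- the query is supposed to return exactly one value.
SET @test = (SELECT buildingId FROM @Location WHERE postalCode = 'NOPE');
SELECT @test AS set_no_rows;        -- NULL
SET @test = (SELECT buildingId FROM @Location WHERE postalCode = 'M5V 2T6');
-- Msg 512: Subquery returned more than 1 value. This is not permitted when the
-- subquery follows =, !=, <, <= , >, >= or when the subquery is used as an expression.
```

The PL/SQL SELECT ... INTO from the question maps to either form; SET with a scalar subquery is the closer match because, like SELECT INTO, it treats a multi-row result as an error rather than guessing.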