SQL Injection INSERT ON DUPLICATE KEY trick

•

1 like•1,424 views

Lightning talk I gave at SEC-T spring pub 2016, talking about how to use the "ON DUPLICATE KEY UPDATE" syntax to not only extract but also modify/add information in the database. The example I brought up was a site that had an SQL Injection in the register page, which could be used to change the admin password without having to crack it.

Technology

• Login
• Register
• View article
• Admin
• Bcrypt, so couldn't get into admin panel :((

Password of user 'admin' is now the same as
password of user 'attacker'!

SQL Injection in INSERT
is sometimes worse than
SQL injection in SELECT
Lightning talk by @avlidienbrunn (Mathias Karlsson)

What's hot

I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...DirkjanMollema

Six Degrees of Domain Admin - BloodHound at DEF CON 24Andy Robbins

VaultJean-Philippe Bélanger

Abusing Microsoft Kerberos - Sorry you guys don't get itBenjamin Delpy

API Security : Patterns and PracticesPrabath Siriwardena

Here Be Dragons: The Unexplored Land of Active Directory ACLsAndy Robbins

Neat tricks to bypass CSRF-protectionMikhail Egorov

Introduction to VaultKnoldus Inc.

I hunt sys admins 2.0Will Schroeder

Not a Security BoundaryWill Schroeder

PowerShell for Practical Purple TeamingNikhil Mittal

PSConfEU - Offensive Active Directory (With PowerShell!)Will Schroeder

Overview of secret management solutions and architectureYuechuan (Mike) Chen

BloodHound: Attack Graphs Practically Applied to Active DirectoryAndy Robbins

Keeping a Secret with HashiCorp VaultMitchell Pronschinske

Polyglot payloads in practice by avlidienbrunn at HackPraMathias Karlsson

Welcome to the Jungle: Pentesting AWSMike Felch

Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd

SSRF workshop Ivan Novikov

SsrfIlan Mindel

What's hot (20)

I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...

Six Degrees of Domain Admin - BloodHound at DEF CON 24

Vault

Abusing Microsoft Kerberos - Sorry you guys don't get it

API Security : Patterns and Practices

Here Be Dragons: The Unexplored Land of Active Directory ACLs

Neat tricks to bypass CSRF-protection

Introduction to Vault

I hunt sys admins 2.0

Not a Security Boundary

PowerShell for Practical Purple Teaming

PSConfEU - Offensive Active Directory (With PowerShell!)

Overview of secret management solutions and architecture

BloodHound: Attack Graphs Practically Applied to Active Directory

Keeping a Secret with HashiCorp Vault

Polyglot payloads in practice by avlidienbrunn at HackPra

Welcome to the Jungle: Pentesting AWS

Bug Bounty Hunter Methodology - Nullcon 2016

SSRF workshop

Ssrf

Viewers also liked

Breaking AngularJS Javascript sandboxMathias Karlsson

The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016Frans Rosén

Final slide by avlidienbrunn at HackPraMathias Karlsson

$CPQi presentation \$ $CPQi presentation \$

CPQi presentation \Terry Boyland

Crossing Origins by Crossing Formatsinternot

Bug Bounty - Hackers JobArbin Godar

Hackfest presentation.pptxPeter Yaworski

If You Can't Beat 'Em, Join 'Em (AppSecUSA)bugcrowd

Web Hacking With Burp Suite 101Zack Meyers

Writing vuln reports that maximize payouts - Nullcon 2016bugcrowd

The Game of Bug Bounty Hunting - Money, Drama, Action and FameAbhinav Mishra

Bug Bounty - Play For MoneyShubham Gupta

Bug Bounty Secrets n|u - The Open Security Community

Bug Bounty for - BeginnersHimanshu Kumar Das

Bug Bounty 101Shahee Mirza

Atelier competentia plan de formation 27 mars et 3 avrilCatherine Bardiau

Understanding SharePoint site structure what's insideBenjamin Niaulin

Encontro Associados Q1 @ Banco OriginalMobile Marketing Association

Synack cirtical infrasructure webinarSynack

[DefCon 2016] I got 99 Problems, but  Little Snitch ain’t one!Synack

Viewers also liked (20)

Breaking AngularJS Javascript sandbox

The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016

Final slide by avlidienbrunn at HackPra

$CPQi presentation \$ $CPQi presentation \$

CPQi presentation \

Crossing Origins by Crossing Formats

Bug Bounty - Hackers Job

Hackfest presentation.pptx

If You Can't Beat 'Em, Join 'Em (AppSecUSA)

Web Hacking With Burp Suite 101

Writing vuln reports that maximize payouts - Nullcon 2016

The Game of Bug Bounty Hunting - Money, Drama, Action and Fame

Bug Bounty - Play For Money

Bug Bounty Secrets

Bug Bounty for - Beginners

Bug Bounty 101

Atelier competentia plan de formation 27 mars et 3 avril

Understanding SharePoint site structure what's inside

Encontro Associados Q1 @ Banco Original

Synack cirtical infrasructure webinar

[DefCon 2016] I got 99 Problems, but  Little Snitch ain’t one!

Recently uploaded

Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst

Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation

The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2

Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University

Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB

Story boards and shot lists for my a level piececharlottematthew16

Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity

DMCC Future of Trade Web3 - Special EditionDubai Multi Commodity Centre

Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed

"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays

DevEX - reference for building teams, processes, and platformsSergiu Bodiu

Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski

AI as an Interface for Commercial BuildingsMemoori

WordPress Websites for Engineers: Elevate Your Brandgvaughan

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada

My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer

Training state-of-the-art general text embeddingZilliz

Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren

Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited

Recently uploaded (20)

Human Factors of XR: Using Human Factors to Design XR Systems

Connect Wave/ connectwave Pitch Deck Presentation

The Future of Software Development - Devin AI Innovative Approach.pdf

Nell’iperspazio con Rocket: il Framework Web di Rust!

Developer Data Modeling Mistakes: From Postgres to NoSQL

Story boards and shot lists for my a level piece

Dev Dives: Streamline document processing with UiPath Studio Web

DMCC Future of Trade Web3 - Special Edition

Scanning the Internet for External Cloud Exposures via SSL Certs

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn

DevEX - reference for building teams, processes, and platforms

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...

AI as an Interface for Commercial Buildings

WordPress Websites for Engineers: Elevate Your Brand

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024

My INSURER PTE LTD - Insurtech Innovation Award 2024

Training state-of-the-art general text embedding

Advanced Test Driven-Development @ php[tek] 2024

Ensuring Technical Readiness For Copilot in Microsoft 365