I’ve to make a small demonstration about how to make a MySQL Injection and how to protect us against them. I already know exactly how to protect our application for then, but I’ve some question about SQL injection.
A created a simple dummy website for the demonstration, on which I’ve added a search field. This search field isn’t protected so subject to SQL injection.
I already made some example, like how to retrieve some global info on the database(version, current user, database name), inserting a " 'UNION SELECT [MyInteresstingFields] From [mytable]; --", but my question is:
What is the next step? Is it possible to alter the database? How? I don’t see, because mysql_query(it’s a php website using cakePhp) only runs one request, so how alter a SELECT request to make a change in the database?(e.g. insert, edit or anything else, doesn’t matter, it’s only to show them what can be the result).
Usually you will use the injection to collect admin passwords (or the token emailed via a password reset page), then login to the admin part and do the stuff from there.