MindMap Gallery Error injection
That is, the page returns database error information. By using database functions, the information we want is mixed into the database's error message.
Edited at 2023-11-02 01:58:49
Error injection
Definition of error injection
That is, the page returns database error information. By using database functions, the information we want is mixed into the error message the database reports.
Triggering error injection relies on the error reporting mechanism of certain functions. The two most common error injection methods are: updatexml() error injection and extractvalue() error injection.
Error injection related functions
updatexml() function
Function usage
The updatexml() function is an XPath function that MySQL uses to query and modify XML document data.
Function form: UPDATEXML(XML_document,XPath_string, new_value)
first parameter
XML_document is in String format and is the name of the XML document object.
second parameter
XPath_string (Xpath format string)
The third parameter
new_value, String format, replaces the found data that meets the conditions
effect
Changes the value of the node in XML_document that matches the condition given by XPath_string.
Injection statement
updatexml(1,concat(0x7e,(SELECT query statement),0x7e),1)
concat() function
The concat() function concatenates its parameters into a string, so the result does not match the format of XPath_string. The resulting format error causes an error message to be returned. This function plays the key role and must be included.
extractvalue() function
Function usage
The extractvalue() function is MySQL's XPath function for querying XML document data.
Function form: EXTRACTVALUE(XML_document,XPath_string)
first parameter
XML_document is in String format and is the name of the XML document object.
second parameter
XPath_string (Xpath format string)
effect
Returns a string containing the queried value from the target XML
Injection statement
extractvalue(1,concat(0x7e,(select query statement),0x7e))
Example of error injection payload
?id=1'and updatexml(1,concat('~',(select database()),'~'),1)--
?id=1'and extractvalue(1,concat('~',(select database()),'~'))--
Reasons why error information can be used for injection
Because the parameters we input do not meet the syntax format of these two functions, an error is reported. But before the error is reported, the parameters we passed in are executed first, and the result of that execution is then fed back as part of the error message.
Conditions of use: The backend does not suppress the database's error messages, so when a syntax error occurs it is output to the front end. A parameter form that triggers the error must be used, otherwise the function's error reporting will not be triggered.
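Added example (not part of the original mind map): a log triage check built on the condition of use above. It flags requests whose parameters call updatexml() or extractvalue(), and separately checks whether the response actually exposed MySQL's XPATH error text to the client. The paths item.php and search.php, the database name "shop" and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Calls to the two XPath functions named on this page; a bare mention
# of the word without "(" is not treated as a call.
XPATH_FUNC = re.compile(r"\b(updatexml|extractvalue)\s*\(", re.I)
# MySQL's message for a malformed XPath argument; the echoed value follows it.
XPATH_ERROR = re.compile(r"XPATH syntax error: '([^']*)'")


def suspicious_params(url):
    """Return (parameter, function) pairs whose decoded value calls an XPath function."""
    hits = []
    # parse_qsl URL-decodes each value once, as the web server would.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        match = XPATH_FUNC.search(value)
        if match:
            hits.append((name, match.group(1).lower()))
    return hits


def leaked_error(body):
    """Return the text echoed inside an XPATH error shown to the client, or None."""
    match = XPATH_ERROR.search(body)
    return match.group(1) if match else None


def classify(url, body):
    """'leak': DB error reached the front end; 'attempt': pattern seen, error hidden."""
    hits = suspicious_params(url)
    leak = leaked_error(body)
    if leak is not None:
        return ("leak", hits, leak)
    if hits:
        return ("attempt", hits, None)
    return ("clean", [], None)


# Constructed (url, response body) pairs, not real traffic.
SAMPLES = [
    ("/item.php?id=1%27and%20updatexml(1,concat(%27~%27,(select%20database()),%27~%27),1)--",
     "XPATH syntax error: '~shop~'"),
    ("/item.php?id=1%27and%20extractvalue(1,concat(%27~%27,(select%20database()),%27~%27))--",
     "An error occurred."),
    ("/search.php?q=how+to+use+extractvalue+in+mysql", "<html>results</html>"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(classify(url, body))
```

A "leak" result means the backend is still passing database errors to the front end; an "attempt" result means the same request pattern arrived but a generic error page was returned.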