php


Unable to execute 2 MySQL queries separated by semicolon


I am trying a simple SQL Injection example which is already working correctly. The goal is to add SQL code to a login page that asks for EmployeeID and Password. In this example I am supposed to know the following information:
* There is a user called Admin
* There is a table field called Name
With this data at hand, the code below did the trick. A space is included after the second dash in order to be interpreted as a comment so the rest of the query is ignored. Basically, the password information is not necessary.
' or Name = 'Admin'; --
So far, so good. Now, I have to include a second SQL statement and I am told that I can use a semicolon as a separator for multiple SQL statements. So I did the following:
' or Name = 'Admin'; SELECT id FROM credential; --
But it does not work. I get a message saying that there is an error in the SQL syntax. I thought that maybe there is no support for multiple queries in one line but I tested using MySQL console and I could successfully issue 2 select statements separated by a semicolon. Below, I show the query (displayed intentionally by an echo statement) and the error that appears on screen.
I will very much appreciate your feedback to help me discover and fix my issue.
SELECT id, name, eid, salary, birth, ssn, phoneNumber, address, email,nickname,Password FROM credential WHERE eid= '' or Name = 'Admin'; SELECT id FROM credential; -- ' and Password='da39a3ee5e6b4b0d3255bfef95601890afd80709'
There was an error running the query [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT id FROM credential; -- ' and Password='da39a3ee5e6b4b0d3255bfef95601890af' at line 3]\n

Related Links

Image path upload and displaying image in mysql
fusionchart in php are not showing
php built in webserver not reacheable with ip:port via network cable
I cant get value of the radio button Except first radio button
Edit iframe content using PHP, and preg_replace()
PMPRO Wordpress plugin Membership Cancellation Errors (stripe)
Android HttpURLConnection Post Data, PHP App Server can't receive data
compare todays date with the date in the mysql table using codeigniter
Get all possible combinations without duplicates
how to upload to files to amazon EC2
Getting the top scores, but remove duplicate users (SQL)
Explode a string after 5 spaces and 2 new lines in a string in PHP
How to create a button that links to different URL using if-else statement
How to display category's items?
Distinguish tr in dynamic table form for serializing jQuery
phpMyAdmin doesn't show new databases

Categories

HOME
amazon-web-services
orientdb
memory
azure-functions
xcode
theano
visual-studio-2010
typeerror
websocket
haxe
cdi
save
bellman-ford
xamarin-zebble
clish
multi-step
stimulsoft
sonicwall
rpmbuild
web-analytics
sipp
react-dnd
fusetools
webviewclient
openbravo
laravel-4.2
javax.persistence
fusion
audit
xenapp
markov-chains
char-pointer
rails-postgresql
orchardcms-1.8
ms-solver-foundation
google-now
resampling
transparency
xcode8.2
flume-twitter
spongycastle
windows-media-player
aws-kinesis-firehose
xcglogger
nslayoutconstraint
patternlab.io
wikimapia
haraka
mifos
ternary-operator
pjax
bigdecimal
jsonix
android-syncadapter
uibinder
rails-engines
wif4.5
enunciate
perceptron
nette
ambiguity
asp.net-web-api-helppages
ngcordova
android-handler
physicsjs
ocmockito
shell-extensions
mgwt
rfc5545
camus
sql-processor
string.format
tabris
lmax
box2dweb
category-theory
distributed-r
prism.js
incognito-mode
refit
gpu-programming
spring-security-acl
discovery
grails-2.3
flv
mongo-jackson-mapper
asp.net-mvc-3-areas
oembed
arrow
kaazing
image-scanner
hardcode
uploading
mvcrecaptcha
startupscript
asp.net-mvc-views
icicles
xap

Resources

Mobile Apps Dev
Database Users
javascript
java
csharp
php
android
MS Developer
developer works
python
ios
c
html
jquery
RDBMS discuss
Cloud Virtualization
Database Dev&Adm
javascript
java
csharp
php
python
android
jquery
ruby
ios
html
Mobile App
Mobile App
Mobile App