Sql Injection

SQL Injection in Insert, Update and Delete Statements

Osanda Malith Jayathissa

Table of Contents

Acknowledgements................................................................... 3 Introduction..................................................................... 4 Lab Setup ....................................................................... 4 Syntax for Injecting............................................................. 4 Injection using Updatexml()...................................................... 5 Insert......................................................................... 5 Update......................................................................... 5 Delete......................................................................... 5 Extraction of Data............................................................. 5 Injection Using extractvalue()................................................... 6 Insert......................................................................... 6 Update......................................................................... 7 Delete......................................................................... 7 Extraction of Data............................................................. 7 Injection Using name_const()..................................................... 7 Insert......................................................................... 8 Update......................................................................... 8 Delete......................................................................... 8 Extraction of Data............................................................. 8 Double Query Injection........................................................... 9 Insert......................................................................... 9 Update......................................................................... 9...