
If an SQL injection on the address bar (like ?ID=1) affects two tables (SELECT * FROM catalogue WHERE... and SELECT * FROM reviews WHERE...) with a different number of columns, how could a hacker inject their SQL (edit: i.e. see all tables)? For example, 'UNIONing' a value from dual to the queried result.

Table 1 (?ID=[row]):

mp3s || COL1 | COL2 | COL3  ... COL5    <-- 5 columns
-----++------+------+------
-----++------+------+------
mp31 || ...  | ...  | ...
-----++------+------+------  
mp32 || ...  | ...  | ...
  :
  '
mp39

Table 2 (?ID=[row]):

revs || COL1 | COL2 | COL3  ... COL19   <-- 19 columns
-----++------+------+------
-----++------+------+------
r001 || ...  | ...  | ...
-----++------+------+------  
r002 || ...  | ...  | ...
  :
  '
r185

1 Answer


If it is truly being used for two queries, and those queries are selecting a different number of columns, there is no UNION SQL injection attack that will work for both. It's not possible to select two different numbers of columns at once.

It may be possible to perform other types of SQL Injection attacks like:

ID=1 OR 1=1

but you will need to experiment to see if that is possible in your particular situation.

  • Those last ones work, but I can't get in. Commented Aug 18, 2017 at 9:06
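
The column-count constraint described in the answer, reproduced as an added example (not code from the original post) with Python's sqlite3 and a constructed schema: one ID value feeds a 5-column and a 19-column query, so a UNION sized for one raises an error in the other. The table layout, column names and function names are assumptions; the hardened variant binds the ID as a parameter so neither query parses it as SQL.

```python
import sqlite3

# Constructed schema: column counts (5 and 19) taken from the question,
# table contents and column names are made up for the demonstration.
TABLES = {"catalogue": 5, "reviews": 19}

def make_db():
    db = sqlite3.connect(":memory:")
    for name, ncols in TABLES.items():
        cols = ["c1 INTEGER"] + [f"c{i}" for i in range(2, ncols + 1)]
        db.execute(f"CREATE TABLE {name} ({', '.join(cols)})")
        marks = ",".join("?" * ncols)
        for row_id in (1, 2):
            db.execute(f"INSERT INTO {name} VALUES ({marks})",
                       [row_id] + ["x"] * (ncols - 1))
    return db

def page_vulnerable(db, raw_id):
    """Both queries are built by concatenating the same ?ID= value."""
    out = {}
    for name in TABLES:
        try:
            sql = f"SELECT * FROM {name} WHERE c1 = {raw_id}"
            out[name] = db.execute(sql).fetchall()
        except sqlite3.Error as exc:
            # A column-count mismatch surfaces here; worth logging and alerting on.
            out[name] = f"error: {exc}"
    return out

def page_hardened(db, raw_id):
    """Same two queries, with the ID passed as a bound parameter."""
    out = {}
    for name in TABLES:
        sql = f"SELECT * FROM {name} WHERE c1 = ?"
        out[name] = db.execute(sql, (raw_id,)).fetchall()
    return out

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 UNION SELECT 1,2,3,4,5", "1 OR 1=1"):
        print(repr(value))
        print("  vulnerable:", page_vulnerable(db, value))
        print("  hardened:  ", page_hardened(db, value))
```

The database error produced by the mismatched query is a useful detection signal: a request whose ID parameter triggers a "number of result columns" error is almost never legitimate traffic.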
