2 select statements in one

Anon

Hey guys
i just got this job etc
was revewing the application they build and i found that they pass SQL statements in the url itself. so i showed that that i could add something at the end of their query, aditional statements. its like this
"half of query"+"stuff from url" = query
i dont know how to but i am pretty sure that you can also insert a delete statement in the end of the query. i dont know how to do 2 statements in sql , can anyone help, please do.. i would appreciate it. I am really trying to help these guys out with security issues.

Anon

From my understanding you can only do INSERT or SELECT or DELETE per query. You can't mix and match. CASCADING is another item, which might be what you are thinking of.

Anon

doesnt that seem like a MAJOR security hole?!?! whats keeping me from changing the url to DELETE+FROM+table

something to think about...

Anon

I remember reading some stuff about a hole in MSSQL Server where you could just throw a semi-colon at the end of a query and then add another query on the end like

first query;second query

I am not sure if that works for all DB's or not, I have really never experimented with it too much. You are write to show them the problem though, passing full queries in a URL just seems like a bad idea that should have been discarded soon after it was brought up.

Tim Frank

[deleted]

Reading this post I get the feeling this is not someone who want's to show a security leak. If the query gets passed in the URL, you don't need to append a new query to the original one, you can just replace the original query....

Anon

Yeah its a security leak
basicaly lets say the query is:
"select id,title from cd_info where" and after this comes the stuff from the URL, and what they do is have javascript make the end of the query depending on the fields that were filled out like this " image_id=20" so end is the only one u can modify. so can i add another SELECT or DELETE statement at the end of the query since the query is been passed through the url, looking to make something like:

SELECT id,title from cd_info WHERE image_id=20; DELETE * from cd_info;

basically i wanna make a sub query in there
can someone show me how to write it? I am pretty sure mysql doesnt do it, but maybe SQL does?

Anon

SELECT id,title from cd_info WHERE image_id=20; DELETE * from cd_info;

basically i wanna make a sub query in there
can someone show me how to write it? I am pretty sure mysql doesnt do it, but maybe SQL does?

Anon

SELECT id,title from cd_info WHERE image_id=20; DELETE * from cd_info;

basically i wanna make a sub query in there
can someone show me how to write it? I am pretty sure mysql doesnt do it, but maybe SQL does?

Anon

SELECT id,title from cd_info WHERE image_id=20; DELETE * from cd_info;

basically i wanna make a sub query in there
can someone show me how to write it? I am pretty sure mysql doesnt do it, but maybe SQL does?

sepodati

Just a pet peeve. SQL is a language, just like PHP, that you use to communicate to a database. MySQL, MSSQL, and Oracle all use SQL to communicate, although each one has some differences.

Please don't confuse SQL, the language, with MSSQL, or SQLServer as some people call it, the MicroSoft program...

🙂

---John Holmes...