Questions on MySQL Second-Order Attacks

Right now I'm using prepared statements to select / insert data in MySQL. Well, my question is, I learned about second-order attacks. So the user, for example, registers on my site and uses something like this as an email or username:

"username '; DELETE Orders;--" 

This gets inserted into the MySQL table.

So, when I fetch the data again through a prepared statement and insert it / do something with it again in a prepared statement:

Would I be safe because I use prepared statements?

Example:

    // Get the bad data:
    $sql = "SELECT * FROM USERS WHERE USERID = 1";
    ...
    $stmt->bind_result($username);
    ...
    // Next query: INSERT or do other things with it:
    $sql = "SELECT * FROM email WHERE USERNAME = ?";
    ...
    $stmt->bind_param('s', $username);
    ...

After that, I thought I would be safe if I do this? Or is there a hole?

But I would be open to attack if I did this:

    // $username is interpolated straight into the SQL text; prepare() does
    // nothing for it here because there is no placeholder to bind
    $sql = "SELECT * FROM email WHERE username = $username";
    $stmt = $mysqli->prepare($sql);
    $stmt->execute();

Thanks :-)

+4
1 answer

As long as placeholders are used consistently (everywhere!) for all [variable] data, then all SQL injection attacks* are stopped, second order or otherwise.

This does not mean that there are no vulnerabilities or other attack vectors, but it does mean that someone with a "clever username" will not be able to send an unexpected "DROP" to the database. As noted, if an "unsafe SQL statement" is used anywhere, then, wham! The guarantees no longer hold.

(The set of "unsafe SQL statements" includes, but is not limited to, any statement that does not use placeholders for all [variable] data.)

Happy coding.


* This assumes that there are no bugs / vulnerabilities in the underlying driver / database. But that is another story...

+1
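The answer's point, as an added example that is not part of the original question or answer: a second-order payload is stored harmlessly by a parameterized INSERT, and the damage happens only where a later query splices the stored value into SQL text. Python's sqlite3 stands in for PHP/mysqli, the table names `users` and `email` and the sample rows are constructed for this demo, and because sqlite3's execute() refuses stacked statements the page's "; DELETE ..." payload is replaced by a single-statement payload (`' OR '1'='1`) that turns a lookup of one user's address into a dump of every address.

```python
import sqlite3

# Constructed for this demo: the "clever username" an attacker registers.
# A parameterized INSERT stores it verbatim, so registration itself is safe;
# the payload only becomes SQL if a later query is built by string
# interpolation instead of a placeholder.
ATTACKER_USERNAME = "nobody' OR '1'='1"


def register(conn: sqlite3.Connection, username: str) -> None:
    # First query: placeholder used, so the payload is stored as plain data.
    conn.execute("INSERT INTO users (username) VALUES (?)", (username,))
    conn.commit()


def setup() -> sqlite3.Connection:
    # Constructed sample schema and rows (assumed names, not the page's).
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL);
        CREATE TABLE email (username TEXT NOT NULL, address TEXT NOT NULL);
        INSERT INTO email VALUES ('alice', 'alice@example.com');
        INSERT INTO email VALUES ('bob',   'bob@example.com');
    """)
    register(conn, "alice")              # gets id 1
    register(conn, ATTACKER_USERNAME)    # gets id 2
    return conn


def lookup_username(conn: sqlite3.Connection, user_id: int):
    # Reading the stored value back is parameterized and returns the
    # raw payload unchanged; that alone is not the problem.
    row = conn.execute(
        "SELECT username FROM users WHERE id = ?", (user_id,)
    ).fetchone()
    return row[0] if row else None


def addresses_unsafe(conn: sqlite3.Connection, user_id: int) -> list:
    # Second query built by interpolation: the stored payload is now SQL.
    # For user 2 this runs
    #   SELECT address FROM email WHERE username = 'nobody' OR '1'='1'
    # and returns every address in the table.
    username = lookup_username(conn, user_id)
    sql = f"SELECT address FROM email WHERE username = '{username}'"
    return [r[0] for r in conn.execute(sql)]


def addresses_safe(conn: sqlite3.Connection, user_id: int) -> list:
    # Same second query with a placeholder: the payload is compared as a
    # literal string, matches no row, and the result is empty.
    username = lookup_username(conn, user_id)
    return [r[0] for r in conn.execute(
        "SELECT address FROM email WHERE username = ?", (username,)
    )]


if __name__ == "__main__":
    c = setup()
    print("stored username:", lookup_username(c, 2))
    print("unsafe second query:", addresses_unsafe(c, 2))
    print("safe second query:  ", addresses_safe(c, 2))
```

Both paths read the same stored value through a placeholder; only the query that consumes it decides whether the attack lands, which is why the answer insists on placeholders everywhere rather than only at the point of entry.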
