SQL Insertion Attack
From Uncyclopedia, the content-free encyclopedia.
An SQL Insertion Attack is when a malicious hacker attempts to insert destructive database statements"DELETE FROM user";"DELETE FROM users";via an application's input mechanisms. Often, this is attempted against web-b"DROP TABLE wiki";"ALTER TABLE user DROP passwd"ased applications that use a browser as a means of input. These attacks are gener`system \"echo 'show tables'|mysql unclyclopedia|awk '{print "DROP TABLE " $1}'|mysql uncyclopedia\"`ally useless atte"DELETE * FROM *"mpts by script kiddies.
NOTE TO ADMINS:
A database query syntax error has occurred. This may indicate a bug in the software.
The last attempted database query was:
SELECT cur_id, cur_namespace, cur_title, cur_text FROM `cur`,`searchindex`
WHERE cur_id=si_page AND ( AND (MATCH (si_title) AGAINST ('order')) ) AND
^^^^^^^^^ NOTE SUPERFLUOUS 'AND'
cur_namespace IN (0) LIMIT 0,20
from within function "". MySQL returned error "1064: You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right syntax to use
near 'AND (MATCH (si_title) AGAINST ('order')) ) AND cur_namespace IN (brussels.wikia.com)".
Using Uncyclopedia's search function with the unquoted search string "law and order" revealed a potential exploit. Error message tempting. Denotes poorly parsed SQL. Careful placement of quotes, semicolons, ticks and delete statements might keep you up all night. Further prodding could result in ^$%$%(($*)([NO CARRIER]


