0

I need help with an sqli exercise. I used sqlmap to find a UNION vulnerability.

I managed to get the H2 version with this payload:

string') UNION ALL SELECT NULL,H2VERSION(),NULL,NULL,NULL--

But I would like to modify the database. I tried with this payload:

string') UNION ALL SELECT NULL,UPDATE ITEMS SET NAME = 'Hello' WHERE ID = 2,NULL,NULL,NULL--

But it did not work. Any ideas?

schroeder
  • 123,438
  • 55
  • 284
  • 319
ilich262
  • 1
  • "But it did not work." -- that doesn't tell us anything. What actually happened? – schroeder Feb 21 '22 at 09:22
  • The payload does not look syntactically correct. A stacked statement would likely involve a semi-colon but you cannot mix a select with an update query. – Kate Feb 21 '22 at 11:45

0 Answers0