
Modular Database Actions


The intention is to factor out the parts that depend on the DBMS in use, as well as the methods used to obtain values and communicate results. Three classes of modules therefore exist:

  1. Input Modules read data from some source (e.g. the request object, session attributes or any other source).
  2. Output Modules send the data to an arbitrary destination. Again, this could be request attributes or anything else. When the database transaction finishes, they are signalled whether the transaction succeeded or failed.
  3. Database Modules determine the value of a key attribute column in a database if it is of an auto-increment type. This could be by querying the database, reading from an arbitrary source (e.g. the request object) or just skipping the column when inserting a row and querying the database afterwards. This needs to be done e.g. for Informix's SERIAL or HSQLDB's IDENTITY column types.
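The three module roles described above, as an added sketch in Python with sqlite3; it is not Cocoon's code or API, and all class and function names are hypothetical. SQLite's AUTOINCREMENT column stands in for the SERIAL/IDENTITY types, and the database module uses the "skip the column and query afterwards" strategy.

```python
import sqlite3

class RequestInput:                      # input module: reads request parameters
    def __init__(self, params):
        self.params = params
    def get(self, name):
        return self.params.get(name)

class AttributeOutput:                   # output module: told how the transaction ended
    def __init__(self):
        self.pending, self.attributes = {}, {}
    def set(self, name, value):
        self.pending[name] = value
    def commit(self):                    # transaction succeeded: publish results
        self.attributes.update(self.pending)
        self.pending.clear()
    def rollback(self):                  # transaction failed: discard results
        self.pending.clear()

class QueryAfterInsert:                  # database module: key column is skipped on
    def key(self, cursor):               # insert and the DBMS is asked afterwards
        return cursor.lastrowid

def add_user(conn, inp, out, keys):
    out.set("user.uname", inp.get("uname"))
    try:
        # Values are bound as parameters, so they are stored as data, not parsed as SQL.
        cur = conn.execute(
            "INSERT INTO user (name, firstname, uname) VALUES (?, ?, ?)",
            [inp.get(c) for c in ("name", "firstname", "uname")])
        out.set("user.uid", keys.key(cur))
        conn.commit()
        out.commit()
        return True
    except sqlite3.Error:
        conn.rollback()
        out.rollback()
        return False

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (uid INTEGER PRIMARY KEY AUTOINCREMENT,"
                 " name TEXT NOT NULL, firstname TEXT, uname TEXT)")
    out, keys = AttributeOutput(), QueryAfterInsert()
    # Constructed requests: the second lacks the NOT NULL "name" and must fail.
    ok = add_user(conn, RequestInput(
        {"name": "O'Brien", "firstname": "Alice", "uname": "alice"}), out, keys)
    second = add_user(conn, RequestInput({"uname": "bob"}), out, keys)
    rows = conn.execute("SELECT uid, name, uname FROM user").fetchall()
    return ok, second, out.attributes, rows
```
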

Current database content

name  firstname  uname  action

gname

uname  gname  action

