Modular Database Actions
The intention is to factor out those parts that are dependent on
the utilised DBMS as well as the methods used to obtain the values
and communicate results. Therefore three classes of modules
exist:
- Input Modules read data from some source (e.g. the request
object or session attributes or whatever)
- Output Modules send the data to an arbitrary
destination. Again, this could be request attributes or
anything else. When the database transaction finishes, it is
signalled to them whether the transaction succeeded or
failed.
- Database Modules determine the value of a key attribute
column in a database if it's is of auto increment type. This
could be by querying the database, reading from an arbitrary
source (e.g. request object) or just skipping the column when
inserting a row and querying the database afterwards. This
needs to be done e.g. for Informix's SERIAL or HSQLDB's
IDENTITY column types.
Current database content
'
' ORDER BY 999999999999; -- '
'', (SELECT CONCAT('GWEa4', 'GWEa4')) -- '
'', (SELECT CONCAT('_Lmnk', '_Lmnk')) -- '
'+
'+(SELECT CONCAT('Tqcyc', 'f7trz'))+'
'+(SELECT CONCAT('mbsPr', 'MRVVn'))+'
', add-group = (SELECT CONCAT('DzitI', 'LBwo6')) -- '
', add-group = (SELECT CONCAT('aT9mT', '63Bgo')) -- '
', add-user-groups = (SELECT CONCAT('0SDNx', 'Pb4se')) -- '
', add-user-groups = (SELECT CONCAT('865Sf', 'fVV68')) -- '
', del-group = (SELECT CONCAT('GScdv', 'g6I6D')) -- '
', del-user = (SELECT CONCAT('ahJQN', 'dbRg5')) -- '
', del-user = (SELECT CONCAT('kId6_', '_R3ad')) -- '
', groups.gid = (SELECT CONCAT('pFhTx', '2BVfM')) -- '
', groups.gname = (SELECT CONCAT('Hf4qB', '0ZPaq')) -- '
', groups.gname = (SELECT CONCAT('fB8tV', 'AkbAk')) -- '
', upd-group = (SELECT CONCAT('Tqoqp', 'Waliq')) -- '
', user.firstname = (SELECT CONCAT('LpcNY', 'KSNyo')) -- '
', user.firstname = (SELECT CONCAT('vmTnm', 'bp4BF')) -- '
', user.name = (SELECT CONCAT('JgfH2', 'KMqjz')) -- '
', user.name = (SELECT CONCAT('vduj7', 'fTIP5')) -- '
', user.uid = (SELECT CONCAT('DW93o', 'xbByN')) -- '
', user.uid = (SELECT CONCAT('Vd1EP', 'qjbN3')) -- '
', user_groups.gid = (SELECT CONCAT('l8UGZ', 'TjW5S')) -- '
', user_groups.gid = (SELECT CONCAT('m6EiZ', 'ZlPZN')) -- '
','') #'
'||
/0
IsNHIvHDio
_QSETSoqyi
alice
alice
".exit(md5('w4p1t1_md5'));#
alice
alice
".exit(md5('w4p1t1_md5'));//
alice
alice
";exit(md5('w4p1t1_md5'));#
alice
alice
";exit(md5('w4p1t1_md5'));//
alice
alice
&ping -n 25 127.0.0.1&
alice
alice
&set&
alice
alice
'.exit(md5('w4p1t1_md5'));#
alice
alice
'.exit(md5('w4p1t1_md5'));//
alice
alice
';exit(md5('w4p1t1_md5'));#
alice
alice
';exit(md5('w4p1t1_md5'));//
alice
alice
../../../../../../../../../../../../../../../usr/bin/env|
alice
alice
/e
alice
alice
;env;
alice
alice
;exit(md5('w4p1t1_md5'));#
alice
alice
;exit(md5('w4p1t1_md5'));//
alice
alice
a);env;
alice
alice
a;env;
alice
alice
a;exit(md5('w4p1t1_md5'));#
alice
alice
a;exit(md5('w4p1t1_md5'));//
alice
alice
a;sleep 60;
alice
alice
a`)`
alice
alice
a`sleep 60`
alice
alice
alice
alice
alice
alice
env;
alice
alice
alice;env;
alice
alice
a|sleep 60;
alice
alice
data:;base64,PD9waHAgZWNobyAndzRwMXQxJywnX2V2YWwnOyA/Pg==
alice
alice
env
alice
alice
set
alice
alice
|env
Status Information
Request Attributes
Request Parameters
| cocoon-view[0] |
="content" |