mysql-proxy tutorial - injecting queries

Developed In: Other — Contributed by: Jan Kneschke

MySQL Proxy is a simple program that sits between your client and MySQL server that can monitor, analyze or transform their communication. See http://forge.mysql.com/wiki/MySQL_Proxy for more information. In this third part of the tutorial we look at injection Queries.
Jan Kneschke
Other 
  1. --[[

  2.  
  3.    Copyright (C) 2007 MySQL AB

  4.  
  5.    This program is free software; you can redistribute it and/or modify

  6.    it under the terms of the GNU General Public License as published by

  7.    the Free Software Foundation; version 2 of the License.

  8.  
  9.    This program is distributed in the hope that it will be useful,

  10.    but WITHOUT ANY WARRANTY; without even the implied warranty of

  11.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  12.    GNU General Public License for more details.

  13.  
  14.    You should have received a copy of the GNU General Public License

  15.    along with this program; if not, write to the Free Software

  16.    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

  17.  
  18. --]]

  19.  
  20. ---

  21. -- read_query() can rewrite packets

  22. --

  23. -- You can use read_query() to replace the packet sent by the client and rewrite

  24. -- query as you like

  25. --

  26. -- @param packet the mysql-packet sent by the client

  27. --

  28. -- @return

  29. --   * nothing to pass on the packet as is,

  30. --   * proxy.PROXY_SEND_QUERY to send the queries from the proxy.queries queue

  31. --   * proxy.PROXY_SEND_RESULT to send your own result-set

  32. --

  33. function read_query( packet )

  34.         if string.byte(packet) == proxy.COM_QUERY then

  35.                 print("we got a normal query: " .. string.sub(packet, 2))

  36.  
  37.                 proxy.queries:append(1, packet )

  38.                 proxy.queries:append(2, string.char(proxy.COM_QUERY) .. "SELECT NOW()" )

  39.  
  40.                 return proxy.PROXY_SEND_QUERY

  41.         end

  42. end

  43.  
  44. ---

  45. -- read_query_result() is called when we receive a query result

  46. -- from the server

  47. --

  48. -- we can analyze the response, drop the response and pass it on (default)

  49. --

  50. -- as we injected a SELECT NOW() above, we don't want to tell the client about it

  51. -- and drop the result with proxy.PROXY_IGNORE_RESULT

  52. --

  53. -- @return

  54. --   * nothing or proxy.PROXY_SEND_RESULT to pass the result-set to the client

  55. --   * proxy.PROXY_IGNORE_RESULT to drop the result-set

  56. --

  57. function read_query_result(inj)

  58.         print("injected result-set: id = " .. inj.type)

  59.  
  60.         -- we injected the SELECT NOW() with the id = 2

  61.         if (inj.type == 2) then

  62.                 for row in inj.resultset.rows do

  63.                         print("injected query returned: " .. row[0])

  64.                 end

  65.  
  66.                 return proxy.PROXY_IGNORE_RESULT

  67.         end

  68. end

  69.  

Current Tags

mysqlproxy 

You must be logged in to tag this tool

No Comments yet

Votes

  • Rated 5.00 out of 5
Rated 5.00 out of 5 with 1 votes cast.
You must be logged in to vote.

Watches

1 members are watching this tool
You must be logged in to track this tool.

Provide Feedback

Please note:
HTML will be purified, but we allow for a number of HTML tags so that you have the flexibility to decorate your comment text to some extent. The comments allow the following HTML tags:

strong, b, em, blockquote, a, code, pre

To put code into your comment, simply encapsulate your code with
[code language="XXX"][/code], where XXX is any common language, for instance "PHP", "SQL", "C", etc.

You must be logged in to comment