 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
help me on the sql injection |
 |
 Posted: Sat Sep 05, 2009 11:47 am |
 |
|
| Shallow |
| Beginner |
 |
|
| Joined: Sep 02, 2009 |
| Posts: 4 |
|
|
|
 |
|
 |
|
hello.
i've a site where i'm going to hack with sql injection, but i've got a problem when i'd like to know what the columns names are.
i take this in the url:
| Code: | | union all select 0,1,column_name,3,4,5,6,7,8,9,10,11 from information_schema.columns where table_name='users' |
and the error is:
| Code: | Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /web/htdocs/.../home/items_view.php on line 10
|
who can help me??thank. |
|
|
|
|
|
|
|
|
| Posted: Sat Sep 05, 2009 12:52 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
1. Are you sure, that MySql version is 5.x?
2. Maybe there is magic_quotes active, so that "table_name='users'" turns into "table_name=\'users\'". In this case use hex encoded strings.
3. Depending on specific vulnerability there may be need for "LIMIT x,y".
4. If specific MySql daemon manages large number of databases and tables, for example in case of shared hosting, then using of information_schema meta database can be problematic. I have seen many real world scenarios, where database queries will just time out or give sql errors, all because of the fact, that information_schema has very bad performance.
Do you get that php error "Warning: mysql_result() ..." shortly after http request or it takes lots of time before showing up? |
|
|
|
|
|
|
|
|
| Posted: Sat Sep 05, 2009 5:40 pm |
|
|
| Shallow |
| Beginner |
|
|
| Joined: Sep 02, 2009 |
| Posts: 4 |
|
|
|
|
|
|
|
| waraxe wrote: | 1. Are you sure, that MySql version is 5.x?
2. Maybe there is magic_quotes active, so that "table_name='users'" turns into "table_name=\'users\'". In this case use hex encoded strings.
3. Depending on specific vulnerability there may be need for "LIMIT x,y".
4. If specific MySql daemon manages large number of databases and tables, for example in case of shared hosting, then using of information_schema meta database can be problematic. I have seen many real world scenarios, where database queries will just time out or give sql errors, all because of the fact, that information_schema has very bad performance.
Do you get that php error "Warning: mysql_result() ..." shortly after http request or it takes lots of time before showing up? |
1 i don't know
2 i've tried but it hasn't worked
3 i've ecoded but nothing
4 the tables are 33.I take it shortly. |
|
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 160
Members: 0
Total: 160
