 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
| delta |
|
| Replies: 7 |
| Views: 11857 |
|
|
 |
|
 |
|
| If the mysql server allows external connection you can connect directly, without access to the server. |
|
|
|
| delta |
|
| Replies: 0 |
| Views: 6413 |
|
|
|
|
|
|
Hello, getting the follow error in mssql 2005:
Well, this means that cross database is turned off, right?
My question is: There is a way to turn it on? Maybe with sp_configure, don't know...
... |
|
|
|
| delta |
|
| Replies: 8 |
| Views: 16116 |
|
|
|
|
|
|
| Sry, I cant, I'm sure that this method don't work for this forum, I need other way to upload the shell. |
|
|
|
| delta |
|
| Replies: 8 |
| Views: 16116 |
|
|
|
|
|
|
| After the file being "uploaded" by ajax.php |
|
|
|
| delta |
|
| Replies: 8 |
| Views: 16116 |
|
|
|
|
|
|
Yeah, I know, but already tried to upload the file before, always get a xml error.
O documento XML não está associado a estilos. A estrutura do documento é representada abaixo.
−
... |
|
|
|
| delta |
|
| Replies: 8 |
| Views: 16116 |
|
|
|
|
|
|
| Already tried before, but when I open ajax.php only get "There was an error uploading the file, please try again!" |
|
|
|
| delta |
|
| Replies: 8 |
| Views: 16116 |
|
|
|
|
|
|
Already tried every known options. Using plugin, xml, etc, but none worked.
If I try uploading a xml style(old version) with shell i get this:
The text for the template contains potentially unsa ... |
|
|
|
| delta |
|
| Replies: 4 |
| Views: 9375 |
|
|
|
|
|
|
If I do load_file('/etc/passwd') it won't work too, already tried, but pangolin says that magic_quotes = OFF, so that's not true then?
Any other way I can upload the shell? |
|
|
|
| delta |
|
| Replies: 4 |
| Views: 9375 |
|
|
|
|
|
|
| Ok, I have FILE privileges, can read /etc/passwd, etc with load_file, but when INTO OUTFILE is used the file isn't created, already tried to create the file in /tmp dir but not working. Magic Quotes = ... |
|
|
|
| delta |
|
| Replies: 3 |
| Views: 8411 |
|
|
|
|
|
|
Hello Ghosttt, I already find out the problem.
The page is running 2 querys, so I can't get the columns visual feedback because keep getting wrong number of columns.
Use blind is not viable, since ... |
|
|
|
| delta |
|
| Replies: 3 |
| Views: 8411 |
|
|
|
|
|
|
BUMP, Someone?  |
|
|
|
| delta |
|
| Replies: 3 |
| Views: 8411 |
|
|
|
|
|
|
Well, I succeeded in this injection. But the problem is: I can't get the column names.
When I try:
id=6672+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,column_name,12,13,14%20from%20information_schema.column ... |
|
|
|
| delta |
|
| Replies: 3 |
| Views: 8735 |
|
|
|
|
|
|
hahaha You're right.
Used %25 insted of % and worked.
Feeling very stupid now 
hehe, thx for the help tehhunter |
|
|
|
| delta |
|
| Replies: 3 |
| Views: 8735 |
|
|
|
|
|
|
|
|
|
| delta |
|
| Replies: 3 |
| Views: 8735 |
|
|
|
|
|
|
Well, I'm trying to use LIKE in a sql injection query in MSSQL but it's not working as expected --'
I'm trying:
FROM table WHERE column LIKE '123%' order by ...
But insted of returning the the r ... |
|
|
| Page 1 of 4 |
Goto page 1, 2, 3, 4Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 82
Members: 0
Total: 82
