 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 216
 Members: 0
 Total: 216
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Wrong command? |
|
 Posted: Fri Sep 11, 2009 2:33 pm |
 |
|
| protectvn |
| Beginner |
 |
|
| Joined: Sep 11, 2009 |
| Posts: 1 |
|
|
|
 |
|
 |
|
I see site: http://*******/sock/login.php
And i tired login by sql injection.
In login.php have:
| Code: |
$query = "SELECT * FROM ".$prefix."users WHERE username = '$username'";
|
And my command is:
| Code: | | admin'";UPDATE ".$prefix."users SET username='getroot' WHERE uid='1' |
But result is wrong 
Who can help me?
Thank you very much
[[Edited by waraxe - no sensitive info!]] |
|
|
|
|
| Posted: Fri Sep 11, 2009 5:26 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
First - this is MySql/PHP platform, right? It does not support multiple (stacked) queries through php.
Second - are you sure, that sql injection actually exists? In case of "magic_quotes_gpc=on" such attack is usually not working. |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
