Waraxe IT Security Portal

noone · Beginner

hi every one Smile

i just start learn sql inject ... i start some sql inject in some site & i can't continue ... I'm a mew in sql so please help me

--------

i will give the information that i found

http://www.XXX.com/index.aspx?status=subject&cat=art&id=9 union select

when i but select statement i get an error say

-----------------------------------------------------------------------------------

The SELECT statement includes a reserved word or an argument name that is misspelled or missing, or the punctuation is incorrect.

-----------------------------------------------------------------------------------

i use order by

and null

but noting ... i cat get to any thing

but when i but

http://www.XXX.com/index.aspx?status=subject&cat=art&id=9 union select null

i get this msg

-------------------------------------------------------------------------------------
Query input must contain at least one table or query.
-------------------------------------------------------------------------------------
so i but

union select null from users

and i get this msg

----------------------------------------------------------------------------------
The Microsoft Jet database engine cannot find the input table or query 'users'. Make sure it exists and that its name is spelled correctly.
------------------------------------------------------------------------------------

so i change it from users to user

and i get

Syntax error in FROM clause.

so i add null

and the same msg

so i add more and more null and the same msg

i try to change something in the format so i make it like :

http://www.xxx.com/index.aspx?status=subject&cat=art&id=9/*/union/*/select/*/null,null/*/from user

i get this msg

Syntax error (missing operator) in query expression 'Id=9/*/'.

so i make it like this

http://www.xxx.com/index.aspx?status=subject&cat=art&id=9+union+select+null,null+from user

and i get

Syntax error in FROM clause.

so i change it like this

id=9+union+select+null,null+from user--

and i get the same msg above

please i don't what i can do

nothing in null i try more then 20 null

and nothing in order by

i don't now if there any new way or old way i don't now i just tell you i'm new in sql

some information from the site

----------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.0.50727.3614
-----------------------------------------

Source File: d:\xxx\xxx\xxx.com\App_Code\Code\frontquery.cs