Waraxe IT Security Portal

Pancakebuddy · Beginner

The site I am testing for vulnerabilities has a URL structure like this:

http://www.site.com/stuff/thing.php?id= (exploit here)

I am able to get sql errors by putting code after the = sign but it behaves in a really weird way. For example if I put

http://www.site.com/stuff/thing.php?id=' or 1=1--

It returns:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'or 1=1-- LIMIT 1' at line 1

It seems to add LIMIT 1 to the end of my query..can someone make sense out of this?

I'm trying to do UNION SELECT injections in the URL however I can't seem to get the column numbers right..I manually tried brute forcing it up to 100..no luck.

I tried using :
1 ORDER BY 10--

Got an error, the only values that don't error are 1 and 2. However when I try this with the union injection it says that "The used select statements have a different number of columns".

I'm out of ideas here..if anyone could point me in the right direction that would be great.

It's also worth nothing that anytime I get an sql error back this is also on the page:

#0 error(Some fields left blank) called at [/home/site/public_html/thing/core/char/char_security.php:24]

Sometimes there are more similar errors like this. Does this mean my injection attempt was caught?

vince213333 · Advanced user