SQLi help

SQLi help Hello Gus I have some an application that is vulnerable to sql injecion ... For example, if that was the link http://www.test.com/audioalbumdetails/58+order+by+1/* I get this error msg SELECT id,name,content,time FROM nesote_music_comments WHERE status=1 and service_type='music' and service_id='58 order by 1' ORDER BY time desc LIMIT -5,5 ; MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-5,5' at line 1 you see that service_id='58 .. when I try close the single quote .. i.e., like this 58'+order+by+1/* I get this problem service_id='58\' order by 1' so that I got escape character for the single quote ... and my order by statement between the quotes ... Any ideas how can I bypass this problem and make successful SQLi ?? I also have something strange when I use -- - instead of /* I get no error and the site is working normaly ??? why is that ?? http://sla.ckers.org/forum/read.php?16,51083,51083#msg-51083 Wed, 22 May 2013 16:45:12 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?16,51083,51086#msg-51086 Re: SQLi help http://sla.ckers.org/forum/read.php?16,51083,51086#msg-51086
Try making the request
http://www.test.com/audioalbumdetails/58\'+order+by+1;--
And see what happens. It's possible the site is using addslashes() to escape ', ", and \. If that's the case, it's possible that the site is still vulnerable. You can read more about it here:

http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string]]> cr101 SQL and Code Injection Mon, 30 Jul 2012 09:24:20 -0500 http://sla.ckers.org/forum/read.php?16,51083,51083#msg-51083 SQLi help http://sla.ckers.org/forum/read.php?16,51083,51083#msg-51083
For example, if that was the link

http://www.test.com/audioalbumdetails/58+order+by+1/*

I get this error msg
SELECT id,name,content,time FROM nesote_music_comments WHERE status=1 and service_type='music' and service_id='58 order by 1' ORDER BY time desc LIMIT -5,5 ;
MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-5,5' at line 1

you see that service_id='58 .. when I try close the single quote .. i.e., like this
58'+order+by+1/*
I get this problem service_id='58\' order by 1' so that I got escape character for the single quote ... and my order by statement between the quotes ... Any ideas how can I bypass this problem and make successful SQLi ?? I also have something strange when I use -- - instead of /* I get no error and the site is working normaly ??? why is that ??]]> the_storm SQL and Code Injection Sat, 28 Jul 2012 00:18:11 -0500