mysql injection help
Posted by: reconsider
Date: February 10, 2009 12:37AM

Hi,

I found an injection, but there is some magic filtering. Here is the code:

select * from someTable where someColumn LIKE 'INJECTION_HERE' ORDER BY someColumn DESC LIMIT INJECTION_2_HERE, 6

The filtering is:
" turns into \\"
' turns into \\\'
\ turns into \\
Other than that, there is no filtering. Can this site be owned?
Thanks a lot.



Edited 1 time(s). Last edit at 02/10/2009 12:38AM by reconsider.

Re: mysql injection help
Posted by: reconsider
Date: February 10, 2009 12:49AM

I let injection_2 be
3,3;select SLEEP(30);select * from someTable order by someColumn DESC LIMIT 3

but I get an error at or near ';select SLEEP(30);...' at line 5

Re: mysql injection help
Posted by: backbone
Date: February 11, 2009 11:34PM

As far as I know, you can't stack queries... try UNION

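Added example, not part of the thread and not written by its posters: the quote and backslash filter from the first post does nothing to a value placed in the unquoted LIMIT position, while integer validation plus bound parameters keeps user input out of the SQL text entirely. The function names are hypothetical, the filter mapping is taken literally from the first post, and an in-memory SQLite database with constructed rows stands in for the MySQL server.

```python
import sqlite3

# The three substitutions listed in the first post, applied in a single pass.
FILTER = str.maketrans({'"': '\\\\"', "'": "\\\\\\'", "\\": "\\\\"})

def thread_filter(value: str) -> str:
    """Apply the quote/backslash filter described in the thread."""
    return value.translate(FILTER)

def build_query_concat(pattern: str, offset: str) -> str:
    """The pattern from the thread: filtered input concatenated into the SQL text."""
    return ("select * from someTable where someColumn LIKE '" + thread_filter(pattern) +
            "' ORDER BY someColumn DESC LIMIT " + thread_filter(offset) + ", 6")

def parse_offset(raw: str, maximum: int = 10_000) -> int:
    """Accept only a plain non-negative decimal integer for the LIMIT offset."""
    if not raw.isascii() or not raw.isdigit():
        raise ValueError("offset must be a non-negative integer")
    value = int(raw)
    if value > maximum:
        raise ValueError("offset out of range")
    return value

def search_hardened(conn, pattern: str, raw_offset: str):
    """Bind both values as parameters; the SQL text never contains user input."""
    sql = ("select someColumn from someTable where someColumn LIKE ? "
           "ORDER BY someColumn DESC LIMIT ?, 6")
    return conn.execute(sql, (pattern, parse_offset(raw_offset))).fetchall()

def demo_db():
    """Constructed sample data in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table someTable (someColumn text)")
    conn.executemany("insert into someTable values (?)",
                     [(f"item{i}",) for i in range(10)])
    return conn

# The value from the second post contains no quote or backslash,
# so the filter returns it unchanged and it lands in the SQL text as-is.
POSTED_OFFSET = "3,3;select SLEEP(30);select * from someTable order by someColumn DESC LIMIT 3"
```
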