Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
sqli help needed
Posted by: flp-
Date: June 05, 2011 01:39AM

Hi everyone, it's my first post here and I would be grateful for any help and advice on how to proceed with my SQL injection.

This website, http://ucp.l2blackbird.net/login/, has a vulnerable username field in the login box; however, it seems there is no way to display output (or I'm too dumb to see it).
I have managed to guess the table I need and some of its fields; however, I'm stuck at the part where I actually need to obtain the data from these fields. I was trying to get something going with outfiles and load_file, but I failed. Any help or a possible direction for further exploring will be appreciated.

table name accounts fields id,password,email most specifically id - admin

' UNION ALL SELECT 1,2-- in the username box. I'm guessing the actual PHP script query has id and password as 1,2, possibly strings (I am a beginner so be nice please :P)

Options: ReplyQuote
Re: sqli help needed
Posted by: lightos
Date: June 05, 2011 04:41PM

How do you know those are the tables/columns?

Options: ReplyQuote
Re: sqli help needed
Posted by: flp-
Date: June 05, 2011 07:25PM

x' AND 1=(SELECT COUNT(*) FROM accounts); -- for example does not produce an error in the output page; if you change the table accounts to something that's not in the database you will see the error.

I used a similar approach to guess some of the columns and it didn't take long to find them. I guess I got lucky.

E.g.
x' AND accounts.email IS NULL; -- does not produce an error, so email is valid, etc. That's how I found the columns.

Options: ReplyQuote
Re: sqli help needed
Posted by: lightos
Date: June 05, 2011 08:16PM

You can use the same approach to retrieve the data.



Edited 1 time(s). Last edit at 06/05/2011 08:20PM by lightos.

Options: ReplyQuote
Re: sqli help needed
Posted by: flp-
Date: June 05, 2011 09:48PM

Do you reckon I should try extracting character by character? Isn't there something else I could try? Can you be a little more specific, maybe an example... thanks.

Options: ReplyQuote
Re: sqli help needed
Posted by: lightos
Date: June 06, 2011 04:35AM

x' AND IF(MID(version(),1,1)=5,1,(SELECT 1 FROM accounts))-- -

Options: ReplyQuote
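The error/no-error difference described in the thread exists only because the login script splices the username into its SQL text and lets database errors reach the page. As an added example (not code from the thread or from the site), the sketch below puts that query shape beside a parameterized one with a single generic failure message; the sqlite3 backend, the function names and the table contents are assumptions standing in for the site's PHP script and database.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the login backend: one table, one row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, password TEXT, email TEXT)")
    db.execute("INSERT INTO accounts VALUES ('admin', 'constructed-hash', 'a@example.test')")
    return db

def login_concat(db, user, password):
    """Weak form: input is spliced into the SQL text and DB errors reach the page."""
    sql = ("SELECT id FROM accounts WHERE id = '" + user +
           "' AND password = '" + password + "'")
    try:
        return "ok" if db.execute(sql).fetchone() else "login failed"
    except sqlite3.Error as exc:
        # A response that differs from a normal failed login tells the
        # client whether the injected sub-query was valid.
        return "database error: %s" % exc

def login_param(db, user, password):
    """Hardened form: bound parameters and one generic failure message."""
    try:
        row = db.execute("SELECT id FROM accounts WHERE id = ? AND password = ?",
                         (user, password)).fetchone()
    except sqlite3.Error:
        row = None  # log server-side; never echo the driver error to the client
    return "ok" if row else "login failed"

# Constructed probe strings in the shape of the ones quoted in the thread.
PROBE_REAL_TABLE = "x' AND 1=(SELECT COUNT(*) FROM accounts)--"
PROBE_FAKE_TABLE = "x' AND 1=(SELECT COUNT(*) FROM no_such_table)--"

def responses(login):
    """Return what the client sees for each probe under the given login function."""
    db = make_db()
    return [login(db, probe, "pw") for probe in (PROBE_REAL_TABLE, PROBE_FAKE_TABLE)]

if __name__ == "__main__":
    print("concatenated :", responses(login_concat))
    print("parameterized:", responses(login_param))
```

With bound parameters the probe is compared as a literal username, so both probes produce the same response and the schema-guessing signal disappears.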