Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
SQLi problems.
Posted by: Sr.Gr33n
Date: January 27, 2013 06:42AM

Hi everybody, I'm having serious problems making an SQLi.
I'm up against MySQL 4.0.2, so it's a blind SQLi... and I'm trying to find out the table names.

1 and (/*!50000 Select*/ 1) = 1--

seems to be functional, but I have tried

1 and (/*!50000 Select count(*) from*/ COLLATION) = 1 --

and I can't see the webpage... and it's strange because COLLATION is a table that always exists... so I don't know where the problem is.

Gr33tings!

PS. I'm new to SQLi; any guide is welcome.

Re: SQLi problems.
Posted by: firestorm
Date: January 28, 2013 03:27AM

Hi, please understand that the part in comments in the query is not even being evaluated.

Writing /*!50000 something */ means that the part "something" will only be considered if the version is greater than or equal to 5. Since you mentioned that it's version 4, "something" is being commented out!

so better replace 5 with 4 or 3, that should do.

Further, try error-based before attempting blind. There are many good tutorials on the web.

Happy learning.

PS:
Consider sharing the link, that helps the community to help you more and we all learn more about strange and interesting injections.

Regards

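Added example, not part of the thread: a small Python normalizer that an input filter or log-review tool could use to see what MySQL actually executes once the version comments firestorm describes are resolved for a given server version. The function names are hypothetical, and it assumes the five-digit `/*!NNNNN ... */` form only; string literals and nested comments are not handled.

```python
import re

# /*!NNNNN body */ : body is executed only if the server version is >= NNNNN
#                    (digits are major, two-digit minor, two-digit patch).
# /*! body */      : body is always executed by MySQL.
# /* body */       : ordinary comment, never executed.
_VERSIONED = re.compile(r"/\*!(\d{5})?(.*?)\*/", re.DOTALL)
_PLAIN = re.compile(r"/\*(?!!).*?\*/", re.DOTALL)


def version_id(version: str) -> int:
    """Turn a version string such as '4.0.2-standard' into 40002."""
    parts = [int(re.match(r"\d+", p).group()) for p in version.split(".")[:3]]
    major, minor, patch = parts
    return major * 10000 + minor * 100 + patch


def effective_sql(query: str, server_version: str) -> str:
    """Return the SQL text the given MySQL version would actually parse."""
    server = version_id(server_version)

    def expand(match: re.Match) -> str:
        required = int(match.group(1)) if match.group(1) else 0
        # Keep the body when the server is new enough, otherwise drop it.
        return match.group(2) if server >= required else " "

    out = _VERSIONED.sub(expand, query)
    out = _PLAIN.sub(" ", out)          # ordinary comments are whitespace
    return re.sub(r"\s+", " ", out).strip()


if __name__ == "__main__":
    # The two strings quoted in the first post, evaluated for 4.0.2 and 5.0.0.
    samples = [
        "1 and (/*!50000 Select*/ 1) = 1",
        "1 and (/*!50000 Select count(*) from*/ COLLATION) = 1",
    ]
    for text in samples:
        for ver in ("4.0.2-standard", "5.0.0"):
            print(f"{ver:15} {effective_sql(text, ver)}")
```

A filter that matches keywords on the raw string sees `Select` in both cases, while a 4.0.2 server sees none; normalizing for the deployed version before matching avoids both false positives and missed input.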
Re: SQLi problems.
Posted by: Sr.Gr33n
Date: January 29, 2013 05:29AM

modes[dot]unizar[dot]es/noticia_completa[dot]php?id=14

9 columns, version 4.0.2-standard log, database 0x676D652D676D65.

I've tried error 2xBased SQLi by following this guide ~>

www[dot]vaibs[dot]in/error-based-double-query-injection/

But I think that my web isn't vulnerable.

I have found lots of guides about error 2xBased SQLi, but none of them explains
the theory behind the vulnerability... any link?

Gr33tings!

Re: SQLi problems.
Posted by: Reiners
Date: March 07, 2013 03:17PM

Sr.Gr33n Wrote:
-------------------------------------------------------
> 1 and (/*!50000 Select count(*) from*/ COLLATION)
> = 1 --
>
> and I can't see the webpage... and it's strange
> because COLLATION is a table that always exists...

as a side note:
table COLLATION exists in the database information_schema, so you better specify it if you want to access it:

select count(*) from information_schema.collation

however, if you are working on mysql 4, database information_schema is not available anyway.

Re: SQLi problems.
Posted by: Sr.Gr33n
Date: March 11, 2013 11:29AM

I have tried injections like that one

and (select 1 from usuarios limit 0,1)=1--

so as to identify tables in the current db but it's impossible because

and (select 1)=1--

doesn't work.

I don't know how to inject the web, I have read about 2xBased injection but I'm absolutely lost.
