Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
a wierd Sql Injection
Posted by: Desperado
Date: April 26, 2013 04:02AM

Injection:http://store.yam.com/store/index.php?action=store_product_sort&prod_sort_uid=400')%20and%201=2


This Injection can't be connected in sqlmap y others inject tools, these tools show me Host No Found. i've used the normal method like order by xx, it doesn't work here,and the this injection don't expose the mysql_error.



I think the sql is select * from xx where id in('xx'), any Helps??



Edited 2 time(s). Last edit at 04/26/2013 04:19AM by Desperado.

Options: ReplyQuote


Sorry, only registered users may post in this forum.