Paid Advertising is
ha.ckers sla.cking
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
help with blind sql injection
Posted by: jammy99
Date: September 14, 2013 07:20AM

this is a blind sql injection vulnerable URL

?data=valid' and '1'='1

i want to know database name and tables names and want to inject this query

AND ISNULL(ASCII(SUBSTRING(CAST((SELECT LOWER(db_name(0)))AS varchar(8000)),1,1)),0)>90

what could be the correct syntax to injection this query in above blind sql injection?

Or how can i inject this query in above url

Also im not sure which database is being used by the web application its a Servlet actually. Please help me to find what database is being used by the web application if its not MS SQL

Edited 1 time(s). Last edit at 09/14/2013 07:25AM by jammy99.

Options: ReplyQuote

Sorry, only registered users may post in this forum.