IT Security and Insecurity Portal

SQL injection - help me -

Posted: Sun May 10, 2009 2:28 am

Snap
Active user

Joined: Apr 14, 2008
Posts: 25

I am trying to make an SQL injection ...
In the input field I type: '
and I got ...
Code:
Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /var/www/****.com/html/l***.php on line 6**
INSERT INTO Search_terms VALUES (NULL,'''',,'11.111.11.111',now())You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''11.111.11.111',now())' at line 1
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/****.com/html/l***.php on line 7**

Is the injection possible in this scenario? What should I do?
Note: "11.111.11.111" is my IP address.
Thanks in advance!

Posted: Mon May 11, 2009 7:12 am

Snap
Active user

Joined: Apr 14, 2008
Posts: 25

Posted: Mon May 11, 2009 8:41 am

ToXiC
Moderator

Joined: Dec 01, 2004
Posts: 181
Location: Cyprus

You didn't make any tests of whether the application has an SQL injection.
Good tests to make are:
http://localhost/index.php?pageid=1+and+1=1 ( TRUE )
http://localhost/index.php?pageid=1+and+1=2 ( FALSE )
If those tests are correct then the web application suffers from SQL injection.
Then, based on many factors like MySQL version etc.,
you proceed with other tests for whether it's blind or normal SQL injection.
I would recommend:
0x90 absinthe sql injector
paros proxy
and priamos sql injector
and Acunetix web vulnerability scanner
BE CAREFUL .. Those apps make a lot of traffic and your IP will be logged easily !!!!!

_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com

Posted: Mon May 11, 2009 10:18 pm

Snap
Active user

Joined: Apr 14, 2008
Posts: 25

If I make
'OR''='
I get a valid page

Posted: Mon May 11, 2009 10:22 pm

capt
Advanced user

Joined: Nov 04, 2008
Posts: 232

Do what he said. and 1=0 = False Output and 1=1 = True Output.
If this works then you have an SQL injection.

Posted: Wed May 13, 2009 11:36 am

waraxe
Site admin

Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

You seem to have an SQL-related coding bug in the INSERT query, so if it's SQL injection, then you probably need blind injection exploitation.
But the specific SQL error message is rather confusing:
Code:
VALUES (NULL,'''',,'11.111.11.111',now())

It seems that the single quote is sanitized by doubling it (''), but one field in the INSERT query is empty (,,). So I'm not sure that this coding bug is exploitable. Are you sure that you copy-pasted the SQL error exactly as it was originally?
Try other strings for testing, like aaa'bbb, and look for error feedback.
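
The failure described in the post above, reproduced as an added example that is not part of the original thread or the affected site's code: a string-built INSERT that doubles quotes but pastes an empty numeric field in unquoted, next to the same INSERT with bound parameters. Assumptions: Python's in-memory sqlite3 stands in for MySQL, datetime('now') stands in for now(), and the column names and the idea that the empty field is a result count are hypothetical.

```python
import sqlite3

# Constructed table: the page shows only the VALUES list, so the column
# names (and the guess that the empty field is a result count) are assumptions.
SCHEMA = ("CREATE TABLE Search_terms "
          "(id INTEGER PRIMARY KEY, term TEXT, hits INTEGER, ip TEXT, created TEXT)")

def build_insert_concat(term, hits, ip):
    """String-built INSERT: quotes in the term are doubled, but the numeric
    field is pasted in unquoted, so an empty value leaves a bare ',,'."""
    escaped = term.replace("'", "''")
    return ("INSERT INTO Search_terms VALUES (NULL,'%s',%s,'%s',datetime('now'))"
            % (escaped, hits, ip))

def insert_concat(conn, term, hits, ip):
    """Run the string-built statement; return (succeeded, sql_text)."""
    sql = build_insert_concat(term, hits, ip)
    try:
        conn.execute(sql)
        return True, sql
    except sqlite3.Error:
        return False, sql

def insert_bound(conn, term, hits, ip):
    """Bound parameters: no quoting logic at all, and a missing count is NULL."""
    conn.execute(
        "INSERT INTO Search_terms VALUES (NULL, ?, ?, ?, datetime('now'))",
        (term, None if hits == "" else int(hits), ip))
    return conn.execute(
        "SELECT term, hits FROM Search_terms ORDER BY id DESC LIMIT 1").fetchone()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    ip = "11.111.11.111"  # the masked address quoted in the thread
    return {
        "quote_empty": insert_concat(conn, "'", "", ip),       # syntax error
        "quote_count": insert_concat(conn, "aaa'bbb", 0, ip),  # accepted
        "bound": insert_bound(conn, "'", "", ip),              # stored as data
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The syntax error comes from the empty unquoted field, not from the quote itself, which is why the doubled quote and the error can appear together; with bound parameters the same input is stored as a one-character term with a NULL count.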
All times are GMT