|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 82
Members: 0
Total: 82
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Can't find the number of columns! |
|
Posted: Fri Aug 08, 2008 6:11 pm |
|
|
x3roconf_ |
Advanced user |
|
|
Joined: May 01, 2008 |
Posts: 101 |
|
|
|
|
|
|
|
news.php?id=409' --> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY datePosted DESC' at line 1
But when i try "union all select" it always says --> The used SELECT statements have a different number of columns!
How i can find the number of columns? (ORDER BY not working properly) |
|
|
|
|
Posted: Fri Aug 08, 2008 6:43 pm |
|
|
oniric |
Advanced user |
|
|
Joined: Jul 24, 2008 |
Posts: 65 |
|
|
|
|
|
|
|
Try
news.php?id=409%20ORDER%20BY%20n%20--%20
and substitute n with a number. Try first n=4 and it this throws an error try n/2, if it doesn't give errors increment n. Using such a method you should be able to find the desired number of columns. |
|
|
|
|
Posted: Fri Aug 08, 2008 6:53 pm |
|
|
x3roconf_ |
Advanced user |
|
|
Joined: May 01, 2008 |
Posts: 101 |
|
|
|
|
|
|
|
oniric wrote: | Try
news.php?id=409%20ORDER%20BY%20n%20--%20
and substitute n with a number. Try first n=4 and it this throws an error try n/2, if it doesn't give errors increment n. Using such a method you should be able to find the desired number of columns. |
When i said that "ORDER BY" is not working properly I meant that i get always "Unknown column in 'order clause' " (even if n=2) |
|
|
|
|
Posted: Fri Aug 08, 2008 8:25 pm |
|
|
oniric |
Advanced user |
|
|
Joined: Jul 24, 2008 |
Posts: 65 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Sat Aug 09, 2008 10:18 am |
|
|
x3roconf_ |
Advanced user |
|
|
Joined: May 01, 2008 |
Posts: 101 |
|
|
|
|
|
|
|
oniric wrote: | Did you try n = 1? |
Yes. |
|
|
|
|
Posted: Thu Aug 14, 2008 3:32 am |
|
|
pZourk |
Regular user |
|
|
Joined: Jun 30, 2008 |
Posts: 8 |
|
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|