IT Security and Insecurity Portal

Inject an ORDER BY

Posted: Mon Apr 19, 2010 11:52 am
golumgolum
Beginner
Joined: Apr 19, 2010
Posts: 3

Hi everybody, I'm a newbie in SQL injection, and I have a question for you.
My URL:
Code: www.***.php?tri=REF
When I try to inject, for example:
Code: www.***.php?tri=10'
we can see this result:
Code: SELECT * FROM marches WHERE ETAT_OFFRE=2 order by 10\' DESC limit 0,5)
So my injection goes in the ORDER BY ...
And the UNION technique is impossible.
I saw some techniques like:
Code: tri=1, (SELECT (CASE WHEN (1=1) THEN 1 ELSE SHOW END))
but I don't understand a lot.
So, if you have an idea to help, tell me.

Posted: Mon Apr 19, 2010 4:45 pm
vince213333
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium

Have a look here:
Code: http://www.bonsai-sec.com/blog/index.php/not-the-average-sql-injection/
The bottom part is what you're looking for.

Posted: Mon Apr 19, 2010 7:56 pm
golumgolum
Beginner
Joined: Apr 19, 2010
Posts: 3

Thanks a lot
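
Added example, not part of the thread or of the application it discusses: the concatenated ORDER BY from the first post next to an allowlisted version, for anyone fixing code like this. It uses Python's sqlite3 as an offline stand-in for the PHP/MySQL application; the `TITRE` column, the sample rows and all function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for the thread's `marches` table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE marches (REF INTEGER, TITRE TEXT, ETAT_OFFRE INTEGER)")
    db.executemany("INSERT INTO marches VALUES (?, ?, ?)",
                   [(1, "c", 2), (2, "a", 2), (3, "b", 2), (4, "z", 1)])
    return db

BASE = "SELECT REF, TITRE FROM marches WHERE ETAT_OFFRE=2 ORDER BY "
TAIL = " DESC LIMIT 0,5"

# Allowlist: accepted request value -> identifier written by the developer.
SORT_COLUMNS = {"REF": "REF", "TITRE": "TITRE"}
DEFAULT_SORT = "REF"

def list_offers_unsafe(db, tri):
    # Pattern from the thread: the request value is concatenated into ORDER BY,
    # so the caller controls SQL syntax, not just which column is used.
    return db.execute(BASE + tri + TAIL).fetchall()

def list_offers_bound(db, tri):
    # A bound parameter is a value, never an identifier: this sorts by a
    # constant string, so the requested order is silently ignored.
    return db.execute(BASE + "?" + TAIL, (tri,)).fetchall()

def list_offers_safe(db, tri):
    # Only identifiers from the allowlist ever reach the SQL text;
    # anything else falls back to the default sort column.
    column = SORT_COLUMNS.get(tri, DEFAULT_SORT)
    return db.execute(BASE + column + TAIL).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(list_offers_safe(db, "TITRE"))   # sorted by TITRE
    print(list_offers_safe(db, "10'"))     # not allowlisted: default sort
    try:
        list_offers_unsafe(db, "10'")      # the quote reaches the SQL parser
    except sqlite3.OperationalError as exc:
        print("unsafe query failed:", exc)
```

The backslash-escaped quote in the error message from the first post shows why escaping alone is not enough here: the value sits outside any string literal, so the fix is to map it to a known identifier.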
All times are GMT