EvilZone


: SQLi error-based question
: $uccess July 31, 2015, 07:54:34 AM
$uccess here, nice to meet u all.
Quick question regarding an SQL error-based injection that I'm doing:

:
and+(select 1 from(select+count(*),concat((select+concat(name,0x3a,lastname,0x3a,email) from users+limit+0,1),floor(rand(0)*2))x from information_schema.tables+group by x)a) and 1=1--+
OK, so everything is cool from here - except that it only works with basic column data such as first name, last name etc. When I wanna see other columns, it redirects me to the page with no error.
Anyone experienced this b4?

Update: it seems that the code of the page recognizes certain column names specifically and when they are requested, you get redirected to the normal page.
: Re: SQLi error-based question
: Satori August 01, 2015, 02:40:04 PM
How does your command look for "other columns" then? Did you change column and table names at all or is that some copy paste command you just found?
: Re: SQLi error-based question
: viktory August 01, 2015, 05:37:37 PM
It could be possible the column holds no data. Use count()
: Re: SQLi error-based question
: $uccess August 02, 2015, 03:46:46 AM
> How does your command look for "other columns" then? Did you change column and table names at all or is that some copy paste command you just found?

I suggest you refrain from dumb ass replies like that, I could be your teacher little boy. Copy paste, yeah dude, totally - you're one hell of a genius. The fuck off the thread cutiepie.

> It could be possible the column holds no data. Use count()

At least you tried helping. If I'm asking other 'hackers' when I usually just do my own thing it's because I've done everything that could be done. Including the most basic verification like count()
: Re: SQLi error-based question
: Satori August 02, 2015, 01:57:20 PM
> I suggest you refrain from dumb ass replies like that, I could be your teacher little boy. Copy paste, yeah dude, totally - you're one hell of a genius. The fuck off the thread cutiepie.

> At least you tried helping. If I'm asking other 'hackers' when I usually just do my own thing it's because I've done everything that could be done. Including the most basic verification like count()

First forum post: "it only works with basic columns data such as first name, last name" posts a statement specifically requesting those columns.. okay

2nd forum post: Insulting a senior member and acting like you're the shit..... ooooookay
"I usually just do my own thing" better keep doing that because i doubt you will be here for long you little fudgepacker.
: Re: SQLi error-based question
: $uccess August 05, 2015, 08:53:31 PM
Update: After a few days, able to do nothing about it. So I just reset the admin password by updating the recovery email in the appropriate column with the help of our favorite SQLi friend UPDATE and then logged in, uploaded a PHP script that allowed me to see the database username and password and downloaded everything.


Server successfully anally penetrated.
Creativity wins.
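
From the defender's side, the query shape quoted in the first post (nested selects, count(*) with group by, floor(rand(0)*2), information_schema, concat with a hex separator) is distinctive enough to flag in web access logs. The following is an added example, not part of the original thread; the log format, the `/profile.php` and `/search.php` paths, the IP addresses and the signature names are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Markers of the duplicate-key error-based pattern quoted in the first post.
SIGNATURES = {
    "rand_floor": re.compile(r"floor\s*\(\s*rand\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)", re.I),
    "count_group_by": re.compile(r"count\s*\(\s*\*\s*\).*group\s+by\s+\w+", re.I),
    "info_schema": re.compile(r"information_schema\.", re.I),
    "concat_hex_sep": re.compile(r"concat\s*\(.*0x[0-9a-f]{2}", re.I),
    "nested_select": re.compile(r"\(\s*select\b.*\(\s*select\b", re.I),
}
# Combined-log-format prefix: client IP, request target, status code.
LOG_RX = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [31/Jul/2015:07:50:01 +0000] "GET /profile.php?id=7 HTTP/1.1" 200 512',
    '198.51.100.9 - - [31/Jul/2015:07:54:34 +0000] "GET /profile.php?id=7+and+(select+1+'
    'from(select+count(*),concat((select+concat(name,0x3a,email)+from+users+limit+0,1),'
    'floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)--+ HTTP/1.1" 200 498',
    '203.0.113.8 - - [31/Jul/2015:08:01:12 +0000] "GET /search.php?q=group+by+in+'
    'information_schema.tables HTTP/1.1" 200 2048',
]

def normalize(raw):
    """URL-decode twice (catches double encoding), drop /**/ comments, squeeze spaces."""
    text = unquote_plus(unquote_plus(raw))
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text)

def score_request(query_string):
    """Return the sorted names of the signatures that match a query string."""
    text = normalize(query_string)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))

def scan(lines, threshold=3):
    """Return (client_ip, status, matched_signatures) for requests at or above threshold."""
    hits = []
    for line in lines:
        m = LOG_RX.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        matched = score_request(target.partition("?")[2])
        if len(matched) >= threshold:
            hits.append((ip, int(status), matched))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Requiring several signatures at once keeps a lone mention of information_schema in a search box from alerting; detection like this supplements parameterized queries and a least-privilege database account, which are what actually remove the flaw.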