EvilZone

Hacking and Security => Hacking and Security => : peak October 26, 2012, 08:19:47 PM

: SQL Injection Question
: peak October 26, 2012, 08:19:47 PM

Hello EZ Members

The Task is very simple tough the answer is not.

There are 3 Rules in this real life sqlinjection.

1. MySQL Server without Subqueries (Subqueries are not supported <4.1)
2. Union Injection without Output.
3. Error Messages contain no extra information (no error based injection possible)
4. No Sleep and benchmark does not make a significant change in response time (no time based injection possible)

But I do know the tables and columns!

What I think could be the solution:

I can work out a different kind of blind injection using the union and and if statement in the where part.
The Problem is:
I need something like (select 1 union select 2) that will be a valid part of a sql Query but without a subquery used to let it fail and give me a feedback is the equation I use for blind injection is true or false.

I failed to find something like that yet.

Maybe some l33t old mysql Admin has an Idea?

sincerely

peak

: Re: SQL Injection Question
: Dio-Gt November 11, 2012, 04:19:29 PM

You Want to go manual or with a program like: Havij, sqlmap..?

: Re: SQL Injection Question
: Stackprotector November 11, 2012, 05:39:41 PM

I think you will need plain blind-sqli. Using (programmers example) if(toAscii(substr(table.users.password, 1)) == 1){ TRUE) else FALSE. There are loads of examples based on if the page loads or not.

: Re: SQL Injection Question
: Dio-Gt November 11, 2012, 06:25:10 PM

Blind_SQLi ti's not easy if you want to exact infos ! it will takes hours ..exept if you know where the infos (db,tables etc...) ...

//if you are not fun o manual then better try it with program:)