EvilZone
Hacking and Security => Hacking and Security => : Scabtree January 09, 2013, 12:10:21 AM
-
I have come across a SQL error for a url which includes: index.php?ip_addr=' and the error is as follows:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''') ) GROUP BY cpz.p_id' at line 4
SELECT cpz.p_id, COUNT(cpz.num) AS total FROM customers_products_nums cpv INNER JOIN product_today wp ON wp.p_id=cpz.p_id WHERE ( cpz.ip_addr=INET_ATON(''') ) GROUP BY cpz.p_id
As you can see, the GET statement is inside the INET_ATON() function. My question is how do I get out of the function, so I can run sql injection on that parameter? I've been stuck on this for a while now (yea, I know... sad) but I'm certain that someone here can help me... :)
-
WHERE ( cpz.ip_addr=INET_ATON('')) OR 1=1 OR (cpz.ip_addr=INET_ATON('RAWR')) GROUP BY
')) OR 1=1 OR (cpz.ip_addr=INET_ATON('RAWR
Try that
-
Thank Relax! I really appreciate your help :)
I don't quite understand what 'RAWR' variable is in : INET_ATON('RAWR')
Would you provide a simple example such as getting the name of the current database? SELECT database() and have that return in the query?
Thanks Again !!
-
I don't quite understand what 'RAWR' variable is in : INET_ATON('RAWR')
(http://t3.gstatic.com/images?q=tbn:ANd9GcTjZlYUYr5k1PNSjCmgGzxMJI-n4FP8-czvJey8c8ZpKy84aKPwsSxyNFWX)
-
Here you have some links that should answer your questions about sql injection
http://evilzone.org/tutorials/just-some-links/msg42976/
@wabi u speak my language +1
-
Thanks !! I'm loving this forum.
I don't actually have a URL, since it's an internal site. However, if this: index.php?ip_addr=' results in this error:
SELECT cpz.p_id, COUNT(cpz.num) AS total FROM customers_products_nums cpv INNER JOIN product_today wp ON wp.p_id=cpz.p_id WHERE ( cpz.ip_addr=INET_ATON(''') ) GROUP BY cpz.p_id
What SQL injection could allow the retrieval of the database name, or something very very simple like that...
-
What SQL injection could allow the retrieval of the database name, or something very very simple like that...
Here you have some links that should answer your questions about sql injection
http://evilzone.org/tutorials/just-some-links/msg42976/ (http://evilzone.org/tutorials/just-some-links/msg42976/)
I am sorry but you really need to figure this out yourself, getting the answers on a silver platter won't teach you anything
-
Actually, I've been trying to figure this out for about 7 months now. I have exhausted my resources, and being instructed on how to preform a simple query with this expression would teach me volumes.
But I understand if you can't figure this out either; I'll find someone more experienced.
Thanks again for your time.
-
Actually, I've been trying to figure this out for about 7 months now. I have exhausted my resources, and being instructed on how to preform a simple query with this expression would teach me volumes.
But I understand if you can't figure this out either; I'll find someone more experienced.
Thanks again for your time.
I'm sorry if it has taken you 7 months to come this far then I suggest you give up on hacking.
Also it would be nice if you made an introduction of yourself before you start asking for help.
If you want to ask someone else for the answer, feel free but I'm guessing you will get the same answer....
Have a great day
-
Thanks! You have a good day as well. :)
-
But I understand if you can't figure this out either; I'll find someone more experienced.
Wow.
Anyway, it is true that the answer to your problem can be found simply enough. I've been programming for quite a while less than 7 months and it didn't take much for me to find the answer... Relax is actually doing you a favor with that response, it's teaching you not to ask things which can be too easily found out. Continue this, and you'll end up with a lot more negative karma. Sometimes getting flamed is the best way to find out to correct yourself....and tbh he didn't even flame you lol. He just told you how it is. If you get so butt hurt after every little response rather than learn from it, you will not do well here. He already took out his time to help you out, when he felt your question was valid. So then why discourage any further help by insulting his level of experience? :/