Messages - callahan

1
General discussion / Re: Playstation 4
« on: February 22, 2013, 04:02:15 am »
So... when will the jailbreak be available? ;D

2
Correct usage of SQL. You didn't even use my example. And you are wondering why "and 1=0" is not giving you any output. Do yourself a favor and learn SQL. It will be way more fun if you know what you are doing.


When did I wonder why AND 1=0 was not giving me output, man!? No, first, I know SQL and don't be rude.



That's not the problem


Yes, that was the problem. My code is running now as expected.


Regards.

3
Well, I was making a silly mistake, one of those stupid ones. I was asking for an id that was an integer, and treating the GET value as a string.

4
You showed not a single correct usage and I think you should learn to create before you break :)


What do you mean with the "correct usage"?

5
I will ask: please. Don't reply anyone.   And to the topic poster. Please read the tutorial twice or more and learn something about PHP and SQL.


I know that the use of "" is not correct, I wanted to try out what would happen.

6
Echo the generated query including your parameters and post it here.


With $query = 'SELECT nombre from users where id="'.$id.'"';:
    Query: SELECT nombre from users where id="2"      Output: mark
    Query: SELECT nombre from users where id="2 order by 5--"      Output: mark

    Query: SELECT nombre from users where id="2 order by 5--"      Output: mark
    Query: SELECT nombre from users where id="2"and "1"="0"        Output: <no output>
    Query: SELECT nombre from users where id="2" order by "6"="6"      Output: mark


With query = "SELECT * FROM users WHERE id='$id'"; exactly the same as with double quotes, of course, replacing the " in the query for '.
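
Why the outputs listed in this post look the way they do, as an added example that is not part of the original posts. It assumes MySQL with its default sql_mode (no ANSI_QUOTES); the table contents are constructed sample data, and the table and column names follow the queries quoted above.

```sql
-- Constructed sample data.
CREATE TABLE users (id INT PRIMARY KEY, nombre VARCHAR(32));
INSERT INTO users VALUES (1, 'ana'), (2, 'mark');

-- "..." is a string literal here. id is an INT column, so MySQL converts
-- the string to a number before comparing: it keeps the leading digits,
-- discards the rest, and raises only a warning. The ORDER BY text never
-- leaves the literal, so it is never parsed as SQL.
SELECT nombre FROM users WHERE id = "2 order by 5--";
SHOW WARNINGS;

-- The same conversion, isolated from the table.
SELECT CAST('2 order by 5--' AS SIGNED) AS converted;

-- Here the quote after 2 was closed, so AND is parsed as SQL. The two
-- string literals differ, which makes the predicate false for every row.
SELECT nombre FROM users WHERE id = "2" AND "1" = "0";

-- ORDER BY receives a constant comparison, not a column position, so the
-- number of columns is never checked and the row is returned unchanged.
SELECT nombre FROM users WHERE id = "2" ORDER BY "6" = "6";

-- Server-side prepared statement: the value is bound as data, so no
-- choice of quoting in the input can turn it into SQL syntax.
PREPARE by_id FROM 'SELECT nombre FROM users WHERE id = ?';
SET @id = '2 order by 5--';
EXECUTE by_id USING @id;
DEALLOCATE PREPARE by_id;

DROP TABLE users;
```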

7
I suggest to use single quoting for the SQL query string so you can easily spot the quotes so for example:
Code: (php) [Select]
$query = 'SELECT id FROM table WHERE id="' . $id . '"';
Now you can see it is quoted with "". You can leave the quotes for easier injection. Right now you would want to inject:
Code: (sql) [Select]
' order by 1 or '1'='1 (or order by 1--)
So the end query would be if $id == 1:
Code: (sql) [Select]
SELECT id FROM table WHERE id='1' order by 1 or '1'='1'


I appreciate your help but it's not working, I can't get columns number with ORDER BY.

8
You need a ) after id='$param' so it would be $result = mysql_query("SELECT * FROM user WHERE id='$param'")or die(mysql_error());

You are right, I forgot it when I copied my code here :P

9
I'm trying to make a series of SQLi challenges (especially, I want to allow launching shells from the injection by calling the DB with a full-privilege user), first allowing the injection to be made easily (e.g.: try if the app is injectable with a single quote, get the number of columns with ORDER BY, etc.), but it's not possible to get the number of columns with ORDER BY. Any advice?

Here's the script:

Code: [Select]
<?php
$con = mysql_connect("localhost", "fp", "fp") or die("Couldn't connect");

mysql_select_db("practice", $con);

// The GET value goes into the query unescaped (intended for the challenge).
$param = $_GET["id"];
$result = mysql_query("SELECT * FROM users WHERE id='$param' or die(mysql_error());

while ($row = mysql_fetch_array($result)) {
    echo $row['name'];
}

?>


10
Web Oriented Coding / Re: How to take over a computer with PHP
« on: February 19, 2013, 11:07:47 pm »
Problem is I change my IP regularly when I restart my router. Is there a way to convert your no-ip hostname into your IP with PHP?

Thanks for the info, I'll look into reverse netcat.

Instead of making the access based on IP whitelisting make it based on user-agent.

11
Web Oriented Coding / Re: How to take over a computer with PHP
« on: February 19, 2013, 12:16:10 am »
Make a script that will execute your command with shell_exec() passed via POST or whatever you choose.

12
Projects and Discussion / Re: Project - PS3 to PC
« on: February 19, 2013, 12:03:25 am »
Regarding the OS, old PS3 versions allowed installing some Linux distros.
