Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - $uccess

Pages: [1]
1
Hacking and Security / Re: SQLi error-based question
« on: August 05, 2015, 08:53:31 pm »
Update: After a few days, able to do nothing about it. So I just reset the admin password by updating the recovery email in the appropriate column with the help of our favorite sqli friend UPDATE and then logged in, uploaded a php script that allowed to me to see the database username and password and downloaded everything.


Server successfully anally penetrated.
Creativity wins.

2
Hacking and Security / Re: SQLi error-based question
« on: August 02, 2015, 03:46:46 am »
Quote from: Satori on August 01, 2015, 02:40:04 pm
How does your command look for "other columns" then? Did you change column and table names at all or is that some copy paste command you just found?

I suggest you refrain from dumb ass replies like that, I could be your teacher little boy. Copy paste, yeah dude, totally - you're one hell of a genius. The fuck off the thread cutiepie.

Quote from: viktory on August 01, 2015, 05:37:37 pm
It could be possible the column holds no data. Use count()

At least you tried helping. If I'm asking other 'hackers' when I usually just do my own thing it's because I've done everything that could be done. Including the most basic verification like count()

3
Hacking and Security / SQLi error-based question
« on: July 31, 2015, 07:54:34 am »
$uccess here, nice to meet u all.
quick question regarding an sql error based injection that I'm doing:

Code: [Select]
and+(select 1 from(select+count(*),concat((select+concat(name,0x3a,lastname,0x3a,email) from users+limit+0,1),floor(rand(0)*2))x from information_schema.tables+group by x)a) and 1=1--+
ok, so everything cool from here - except that it only works with basic columns data such as first name, last name etc. when I wanna see other columns, it redirects me to the page with no error.
anyone experienced this b4 ? 

update: it seems that the code of the page recognizes certain column names specifically and when they are requested, you get redirected to the normal page.

Pages: [1]