Messages - Mrgood

1
Hacking and Security / Request for help with SQLi INSERT command
« on: August 26, 2012, 03:55:41 pm »
First of all, I really don't want to give you a link for the website. I also want to know how the script would work.

...page=news&id=2 (actually I can't get the script which finds the news id. Probably it's PHP. If it's a 'must have' for the insertion I would look for it deeper)

The thing which I want to do is, for example, add new news or update an old one. Let's say I want to add news which id=3. I know the database structure thanks to The Mole tool. The separator is " ' " and the delimiter is "#" (if it can help somehow).

I have studied so many articles. I know how SQLi works and I tried so many tutorials with no results. I have also tried lots of SQLi tools. Only The Mole was able to get some data (but it doesn't help me with any SQL command like insert).

For example:
...page=news&id=2; UPDATE news_update SET content = 'hacked' WHERE id='1'"#
I am getting a MySQL syntax error until I form the query like the sample above. Now I got the whole website with a "wrong news id" message.

I am not sure what else I should write here. Any clue would be a great gift for me ;)

PS. I tried the benchmark function like the sample on Wikipedia and it worked.
Code:
x' AND BENCHMARK(9999999,BENCHMARK(999999,BENCHMARK(999999,MD5(NOW()))))=0 OR '1'='1
Are there any other ways to use some function in a malicious way?

2
Hacking and Security / Re: vulnerable or not?
« on: August 25, 2012, 09:18:12 pm »
I really don't like to write like this and I feel very embarrassed, but I want to ask you again. Please help with that SQLi insert command.

3
Hacking and Security / Re: vulnerable or not?
« on: August 24, 2012, 10:49:56 pm »
I have also tried to do the same without " ' " signs and the page loaded with an error, but nothing happened at all.

4
Hacking and Security / Re: vulnerable or not?
« on: August 24, 2012, 07:51:12 pm »
...id=2; UPDATE news_update SET content = 'hacked' WHERE id='1'"#
Why doesn't it work? I have a MySQL syntax error, but everything should be OK with " ' " as separator and # as delimiter.

5
Hacking and Security / Re: vulnerable or not?
« on: August 24, 2012, 02:08:39 pm »
I've already got the whole database structure, but I have used The Mole. I know almost everything, but the passwords are in SHA-1 and I can't crack them.
Can you please give me a clue how to add/delete a record? (I know Google is my best friend.) I asked him; I have read almost every link on several result pages.

It should take max 1 min to help me, I guess :) (less than writing about 'Google is the best')
What should I add to ...page=news&id=2 to add or delete the record?

I know that:
Code:
[+] Found separator: " ' "
[+] Found DBMS: Mysql
[+] Found comment delimiter: "#"
Also I know that "id" is in the "maindb2" database and "news_update" table. Let's say I would like to add or delete a user in the "user" table in the same database.

The Mole gave me a lot of info, but I can't change anything using this tool.
Is there any way to get the database root password using SQLi?

6
Hacking and Security / Re: vulnerable or not?
« on: August 22, 2012, 04:14:01 pm »
That was the simplest answer ;) I have already been looking for it. I am just asking if you know any good tutorial about time-based SQLi.

7
Hacking and Security / Re: vulnerable or not?
« on: August 22, 2012, 11:28:24 am »
Yes, but what does time-based SQLi mean? Exactly, I know what it means, but how to use it? Have you got any tutorials or clues for it?

8
Hacking and Security / Re: vulnerable or not?
« on: August 18, 2012, 05:20:52 pm »
I just joined the forum to learn some SQLi. I have read the tutorial made by ande but I still can't get any result. I have also seen this topic, and when you said the site is vulnerable I tried to hack it too. No results at all. I tried to add many things to the link after =1 etc. and nothing happened. My question is, how did you do that? Any clues that can help me with SQLi? I understand how SQL and queries work and that's not the problem. Maybe I am doing something wrong.

I didn't want to make another topic, so I wrote here.
