Author Topic: SQLi error-based question (Read 1327 times)

$uccess · « **on:** July 31, 2015, 07:54:34 am »

$uccess here, nice to meet u all.
quick question regarding an sql error based injection that I'm doing:

and+(select 1 from(select+count(*),concat((select+concat(name,0x3a,lastname,0x3a,email) from users+limit+0,1),floor(rand(0)*2))x from information_schema.tables+group by x)a) and 1=1--+

ok, so everything cool from here - except that it only works with basic columns data such as first name, last name etc. when I wanna see other columns, it redirects me to the page with no error.
anyone experienced this b4 ?

update: it seems that the code of the page recognizes certain column names specifically and when they are requested, you get redirected to the normal page.

Satori · « **Reply #1 on:** August 01, 2015, 02:40:04 pm »

How does your command look for "other columns" then? Did you change column and table names at all or is that some copy paste command you just found?

viktory · « **Reply #2 on:** August 01, 2015, 05:37:37 pm »

It could be possible the column holds no data. Use count()

$uccess · « **Reply #3 on:** August 02, 2015, 03:46:46 am »

Quote from: Satori on August 01, 2015, 02:40:04 pm

How does your command look for "other columns" then? Did you change column and table names at all or is that some copy paste command you just found?

I suggest you refrain from dumb ass replies like that, I could be your teacher little boy. Copy paste, yeah dude, totally - you're one hell of a genius. The fuck off the thread cutiepie.

Quote from: viktory on August 01, 2015, 05:37:37 pm

It could be possible the column holds no data. Use count()

At least you tried helping. If I'm asking other 'hackers' when I usually just do my own thing it's because I've done everything that could be done. Including the most basic verification like count()

Satori · « **Reply #4 on:** August 02, 2015, 01:57:20 pm »

Quote from: $uccess on August 02, 2015, 03:46:46 am

I suggest you refrain from dumb ass replies like that, I could be your teacher little boy. Copy paste, yeah dude, totally - you're one hell of a genius. The fuck off the thread cutiepie.

At least you tried helping. If I'm asking other 'hackers' when I usually just do my own thing it's because I've done everything that could be done. Including the most basic verification like count()

First forum post: "it only works with basic columns data such as first name, last name" posts a statement specifically requesting those columns.. okay

2nd forum post: Insulting a senior member and acting like you're the shit..... ooooookay
"I usually just do my own thing" better keep doing that because i doubt you will be here for long you little fudgepacker.

$uccess · « **Reply #5 on:** August 05, 2015, 08:53:31 pm »

Update: After a few days, able to do nothing about it. So I just reset the admin password by updating the recovery email in the appropriate column with the help of our favorite sqli friend UPDATE and then logged in, uploaded a php script that allowed to me to see the database username and password and downloaded everything.

Server successfully anally penetrated.
Creativity wins.

EvilZone

News:

Author Topic: SQLi error-based question (Read 1327 times)

$uccess

SQLi error-based question

Satori

Re: SQLi error-based question

viktory

Re: SQLi error-based question

$uccess

Re: SQLi error-based question

Satori

Re: SQLi error-based question

$uccess

Re: SQLi error-based question