Author Topic: SQL injection (Read 6166 times)

worf2910 · « **on:** November 05, 2011, 08:42:28 am »

Hi!
I have the following SQL injection (Im testing it locally for my security purposes) and (argh!) it works!

index.php?lvl=categories&id=453+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+%28select+concat%280x7e%2C0x27%2Ccount%28table_name%29%2C0x27%2C0x7e%29+from+%60information_schema%60.tables+where+table_schema%3D0x6F63696D%29%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+1%3D1

I can read my username and encrypted pwd BUT fortunately I cannot INSERT/UPDATE or DELETE anything and the password is 41 digits preceeded with an asterisk (one-way encrypton) Is there a way for someone to use this injection to change my credential? I mean, using in the query the SQL command INSERT etc...

Thank you for an answer
WORF

ande · « **Reply #1 on:** November 05, 2011, 04:10:22 pm »

You cannot use a INSERT or UPDATE command in a SELECT query, unless the script is coded in such a way, that you can do multiple queries. In that case, all you need to do is add ; to the end of the SELECT command and enter a new one after it. But this rarely/never happens.

Santa · « **Reply #2 on:** November 06, 2011, 06:47:14 pm »

Quote from: ande on November 05, 2011, 04:10:22 pm

You cannot use a INSERT or UPDATE command in a SELECT query, unless the script is coded in such a way, that you can do multiple queries. In that case, all you need to do is add ; to the end of the SELECT command and enter a new one after it. But this rarely/never happens.

ok so would this work if i did this

and if so what security should i use so i dont get caught shutting down a site?

ande · « **Reply #3 on:** November 06, 2011, 08:39:46 pm »

Quote from: Santa on November 06, 2011, 06:47:14 pm

ok so would this work if i did this

and if so what security should i use so i dont get caught shutting down a site?

First line dident make sense.

Get yourself some non-logging private proxies. How you get them is up to you.

Santa · « **Reply #4 on:** November 06, 2011, 10:00:46 pm »

Quote from: ande on November 06, 2011, 08:39:46 pm

First line dident make sense.

Get yourself some non-logging private proxies. How you get them is up to you.

Would this work to hit down a website is what I mean

And how do i get a non logging proxy

iAmLuFFy · « **Reply #5 on:** November 06, 2011, 10:18:18 pm »

Quote from: Santa on November 06, 2011, 10:00:46 pm

Would this work to hit down a website is what I mean

HaHa.. now you are on complete diffrent topic. that code is not for shutting down the site.

Why don't you read some tutorial given in this forum.

Quote from: Santa on November 06, 2011, 10:00:46 pm

And how do i get a non logging proxy

there are some threads about proxies in hacking sections. surf a bit on that.

Stackprotector · « **Reply #6 on:** November 06, 2011, 10:38:43 pm »

Quote from: iAmLuFFy on November 06, 2011, 10:18:18 pm

HaHa.. now you are on complete diffrent topic. that code is not for shutting down the site.

Why don't you read some tutorial given in this forum.

there are some threads about proxies in hacking sections. surf a bit on that.

He is reading tutorials on forums.
If your goal is to take down a website, sqli is a very good start.
When you are lucky you can gather e.g the admin password, and try to fuck things up, or get acces to the control panels running the website.

Kulverstukas · « **Reply #7 on:** November 06, 2011, 10:52:32 pm »

How come this "SQL injection" link example is the same as one posted by Santa?
http://evilzone.org/general-discussion/sql-injection-question/msg11173/#msg11173

Looks fishy

Santa · « **Reply #8 on:** November 06, 2011, 10:55:09 pm »

Quote from: Kulverstukas on November 06, 2011, 10:52:32 pm

How come this "SQL injection" link example is the same as one posted by Santa?
http://evilzone.org/general-discussion/sql-injection-question/msg11173/#msg11173

Looks fishy

Because I posted a topic wondering if it woul work
I dont claim anything is mine

Kevin · « **Reply #9 on:** November 24, 2011, 02:55:26 pm »

How to prevent SQL injection attacks?
plz help me......

ande · « **Reply #10 on:** November 24, 2011, 03:06:16 pm »

Quote from: Kevin on November 24, 2011, 02:55:26 pm

How to prevent SQL injection attacks?
plz help me......

How did this one get in?..

"plz" wont work very well in here, infact its reason to kill.

Learn things from the ground up, and you will know how to secure yourself against SQL injections.

Huntondoom · « **Reply #11 on:** November 24, 2011, 10:57:51 pm »

Still one Thing I dont understand about this all is: How the hell do you give commands?
I have no idea where to put SELECT, INSERT or any other command :S

ande · « **Reply #12 on:** November 25, 2011, 09:56:14 am »

Quote from: Huntondoom on November 24, 2011, 10:57:51 pm

Still one Thing I dont understand about this all is: How the hell do you give commands?
I have no idea where to put SELECT, INSERT or any other command :S

Helps if you know MySQL or any other SQL language

EvilZone

News:

Author Topic: SQL injection (Read 6166 times)

worf2910

SQL injection

ande

Re: SQL injection

Santa

Re: SQL injection

ande

Re: SQL injection

Santa

Re: SQL injection

iAmLuFFy

Re: SQL injection

Stackprotector

Re: SQL injection

Kulverstukas

Re: SQL injection

Santa

Re: SQL injection

Kevin

Re: SQL injection

ande

Re: SQL injection

Huntondoom

Re: SQL injection

ande

Re: SQL injection