Author Topic: [SQLi] Injection Help with INET_ATON() (Read 2352 times)

Scabtree · « **on:** January 09, 2013, 12:10:21 am »

I have come across a SQL error for a url which includes: index.php?ip_addr=' and the error is as follows:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''') ) GROUP BY cpz.p_id' at line 4

SELECT cpz.p_id, COUNT(cpz.num) AS total FROM customers_products_nums cpv INNER JOIN product_today wp ON wp.p_id=cpz.p_id WHERE ( cpz.ip_addr=INET_ATON(''') ) GROUP BY cpz.p_id

As you can see, the GET statement is inside the INET_ATON() function. My question is how do I get out of the function, so I can run sql injection on that parameter? I've been stuck on this for a while now (yea, I know... sad) but I'm certain that someone here can help me...

relax · « **Reply #1 on:** January 09, 2013, 12:32:28 pm »

Quote

WHERE ( cpz.ip_addr=INET_ATON('')) OR 1=1 OR (cpz.ip_addr=INET_ATON('RAWR')) GROUP BY

Code: [Select]

')) OR 1=1 OR (cpz.ip_addr=INET_ATON('RAWR
Try that

Scabtree · « **Reply #2 on:** January 09, 2013, 06:45:29 pm »

Thank Relax! I really appreciate your help

I don't quite understand what 'RAWR' variable is in : INET_ATON('RAWR')

Would you provide a simple example such as getting the name of the current database? SELECT database() and have that return in the query?

Thanks Again !!

wabi · « **Reply #3 on:** January 09, 2013, 10:57:54 pm »

Quote from: Scabtree on January 09, 2013, 06:45:29 pm

I don't quite understand what 'RAWR' variable is in : INET_ATON('RAWR')

relax · « **Reply #4 on:** January 09, 2013, 11:09:08 pm »

Here you have some links that should answer your questions about sql injection
http://evilzone.org/tutorials/just-some-links/msg42976/

@wabi u speak my language +1

Scabtree · « **Reply #5 on:** January 09, 2013, 11:51:12 pm »

Thanks !! I'm loving this forum.

I don't actually have a URL, since it's an internal site. However, if this: index.php?ip_addr=' results in this error:

SELECT cpz.p_id, COUNT(cpz.num) AS total FROM customers_products_nums cpv INNER JOIN product_today wp ON wp.p_id=cpz.p_id WHERE ( cpz.ip_addr=INET_ATON(''') ) GROUP BY cpz.p_id

What SQL injection could allow the retrieval of the database name, or something very very simple like that...

relax · « **Reply #6 on:** January 10, 2013, 02:19:51 am »

Quote

What SQL injection could allow the retrieval of the database name, or something very very simple like that...

Quote from: relax on January 09, 2013, 11:09:08 pm

Here you have some links that should answer your questions about sql injection
http://evilzone.org/tutorials/just-some-links/msg42976/

I am sorry but you really need to figure this out yourself, getting the answers on a silver platter won't teach you anything

Scabtree · « **Reply #7 on:** January 10, 2013, 02:34:39 am »

Actually, I've been trying to figure this out for about 7 months now. I have exhausted my resources, and being instructed on how to preform a simple query with this expression would teach me volumes.

But I understand if you can't figure this out either; I'll find someone more experienced.

Thanks again for your time.

relax · « **Reply #8 on:** January 10, 2013, 02:46:22 am »

Quote from: Scabtree on January 10, 2013, 02:34:39 am

Actually, I've been trying to figure this out for about 7 months now. I have exhausted my resources, and being instructed on how to preform a simple query with this expression would teach me volumes.

But I understand if you can't figure this out either; I'll find someone more experienced.

Thanks again for your time.

I'm sorry if it has taken you 7 months to come this far then I suggest you give up on hacking.
Also it would be nice if you made an introduction of yourself before you start asking for help.
If you want to ask someone else for the answer, feel free but I'm guessing you will get the same answer....

Have a great day

Scabtree · « **Reply #9 on:** January 10, 2013, 05:09:49 am »

Thanks! You have a good day as well.

Uriah · « **Reply #10 on:** January 11, 2013, 01:16:56 am »

Quote from: Scabtree on January 10, 2013, 02:34:39 am

But I understand if you can't figure this out either; I'll find someone more experienced.

Wow.
Anyway, it is true that the answer to your problem can be found simply enough. I've been programming for quite a while less than 7 months and it didn't take much for me to find the answer... Relax is actually doing you a favor with that response, it's teaching you not to ask things which can be too easily found out. Continue this, and you'll end up with a lot more negative karma. Sometimes getting flamed is the best way to find out to correct yourself....and tbh he didn't even flame you lol. He just told you how it is. If you get so butt hurt after every little response rather than learn from it, you will not do well here. He already took out his time to help you out, when he felt your question was valid. So then why discourage any further help by insulting his level of experience? :/

EvilZone

News:

Author Topic: [SQLi] Injection Help with INET_ATON() (Read 2352 times)

Scabtree

[SQLi] Injection Help with INET_ATON()

relax

Re: [SQLi] Injection Help with INET_ATON()

Scabtree

Re: [SQLi] Injection Help with INET_ATON()

wabi

Re: [SQLi] Injection Help with INET_ATON()

relax

Re: [SQLi] Injection Help with INET_ATON()

Scabtree

Re: [SQLi] Injection Help with INET_ATON()

relax

Re: [SQLi] Injection Help with INET_ATON()

Scabtree

Re: [SQLi] Injection Help with INET_ATON()

relax

Re: [SQLi] Injection Help with INET_ATON()

Scabtree

Re: [SQLi] Injection Help with INET_ATON()

Uriah

Re: [SQLi] Injection Help with INET_ATON()