This forum is in archive mode. You will not be able to post new content.

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - $uccess

Pages: [1]
1
Hacking and Security / Re: SQLi error-based question
« on: August 05, 2015, 08:53:31 PM »
Update: After a few days, able to do nothing about it. So I just reset the admin password by updating the recovery email in the appropriate column with the help of our favorite sqli friend UPDATE and then logged in, uploaded a php script that allowed to me to see the database username and password and downloaded everything.


Server successfully anally penetrated.
Creativity wins.

2
Hacking and Security / Re: SQLi error-based question
« on: August 02, 2015, 03:46:46 AM »
Quote from: Satori on August 01, 2015, 02:40:04 PM
How does your command look for "other columns" then? Did you change column and table names at all or is that some copy paste command you just found?

I suggest you refrain from dumb ass replies like that, I could be your teacher little boy. Copy paste, yeah dude, totally - you're one hell of a genius. The fuck off the thread cutiepie.

Quote from: viktory on August 01, 2015, 05:37:37 PM
It could be possible the column holds no data. Use count()

At least you tried helping. If I'm asking other 'hackers' when I usually just do my own thing it's because I've done everything that could be done. Including the most basic verification like count()

3
Hacking and Security / SQLi error-based question
« on: July 31, 2015, 07:54:34 AM »
$uccess here, nice to meet u all.
quick question regarding an sql error based injection that I'm doing:

Code: [Select]
and+(select 1 from(select+count(*),concat((select+concat(name,0x3a,lastname,0x3a,email) from users+limit+0,1),floor(rand(0)*2))x from information_schema.tables+group by x)a) and 1=1--+
ok, so everything cool from here - except that it only works with basic columns data such as first name, last name etc. when I wanna see other columns, it redirects me to the page with no error.
anyone experienced this b4 ? 

update: it seems that the code of the page recognizes certain column names specifically and when they are requested, you get redirected to the normal page.

Pages: [1]


Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.