Let's say I managed to exploit an sql injection in a server ( i am just testing, nothing illegal ).
Well, what I get is
user password host
someacc, somepass, localhost
or some other server, but NOT %, global access.
(I am always talking for mysql.users table and of course only union is
available, ; char is filter automatically )
Is there a way to actually use this information?
If there is what kind of technique/attack do I use?
BTW if you re facing some language/collation prob etc
instead of using
select null,password COLLATE utf8_bin from table
or whatever in your statement, use
select null,unhex(hex(password)) from table
That thing (it works in my tests) took me sometime, I hope you'll find it useful
RE: Sql injection, localhost users only
Posts: Location: Joined: 01.01.70 Rank: Guest
Posted on 30-06-09 19:12
, no response at all?
I presume it is not possible to trick the server somehow.
Only if you penetrate some of the other machines that have accounts with access.
Or my ISP's servers...
Hellbound Hackers is the collective work of the staff and the community and is therefore licensed under the CC BY-NC-SA license.