Tuesday, September 01, 2015
Sql injection, localhost users only


Guest
Posted on 29-06-09 02:40
Let's say I managed to exploit an SQL injection in a server (I am just testing, nothing illegal).
Well, what I get is
user password host
someacc, somepass, localhost
or some other server, but NOT %, global access.
(I am always talking about the mysql.users table, and of course only union is
available; the ; char is filtered automatically.)
Is there a way to actually use this information?
If there is, what kind of technique/attack do I use?


BTW, if you're facing some language/collation problem etc.,
instead of using
select null,password COLLATE utf8_bin from table
or whatever in your statement, use
select null,unhex(hex(password)) from table
That thing (it works in my tests) took me some time, I hope you'll find it useful :D

RE: Sql injection, localhost users only


Guest
Posted on 30-06-09 19:12

Sad, no response at all?

I presume it is not possible to trick the server somehow.
Only if you penetrate some of the other machines that have accounts with access.
Or my ISP's servers...
gg
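
Added example, not part of the original thread: the host column discussed above is what limits reuse of leaked database credentials, and the grant tables were readable through the injection only because the application's database account was allowed to read them. The queries below are one way for an administrator to audit both on their own MySQL server; `webapp`, `appdb` and the password are placeholders (assumptions).

```sql
-- Added audit example; run as an administrative account on the MySQL server.

-- 1. Accounts whose host pattern contains the % wildcard. Credentials leaked
--    for these rows are usable from other machines; rows restricted to
--    localhost or a single named host are not.
SELECT user, host
FROM mysql.user
WHERE INSTR(host, '%') > 0
ORDER BY user, host;

-- 2. Accounts holding the global SELECT privilege. A query injected into an
--    application that connects as one of these can read the grant tables.
SELECT user, host
FROM mysql.user
WHERE Select_priv = 'Y'
ORDER BY user, host;

-- 3. Database-level grants whose db pattern matches the mysql schema
--    (the db column may itself contain wildcards, hence the reversed LIKE).
SELECT user, host, db
FROM mysql.db
WHERE Select_priv = 'Y'
  AND 'mysql' LIKE db
ORDER BY user, host;

-- 4. Least-privilege replacement for the web application's account.
--    'webapp', 'appdb' and the password are placeholders (assumptions).
CREATE USER 'webapp'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_SECRET';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'webapp'@'localhost';
```

An application account that appears in the result of query 2 or 3 should be replaced with one scoped like step 4, so that an injection in the application cannot reach the grant tables at all.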