Follow us on Twitter!
One mans freedom fighter, another's terrorist.
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 29
Guests Online: 24
Members Online: 5

Registered Members: 82895
Newest Member: kevy90
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

Sql injection, localhost users only


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-06-09 02:40
Let's say I managed to exploit an sql injection in a server ( i am just testing, nothing illegal ).
Well, what I get is
user password host
someacc, somepass, localhost
or some other server, but NOT %, global access.
(I am always talking for mysql.users table and of course only union is
available, ; char is filter automatically )
Is there a way to actually use this information?
If there is what kind of technique/attack do I use?


BTW if you re facing some language/collation prob etc
instead of using
select null,password COLLATE utf8_bin from table
or whatever in your statement, use
select null,unhex(hex(password)) from table
That thing (it works in my tests) took me sometime, I hope you'll find it useful Grin
Author

RE: Sql injection, localhost users only


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-06-09 19:12

Sad, no response at all?

I presume it is not possible to trick the server somehow.
Only if you penetrate some of the other machines that have accounts with access.
Or my ISP's servers...
gg