Donate to us via Paypal!
Understanding is the answer, hatred is the problem, and hackers are the slaves abused and destroyed in the process of peace online - Deshouleres
Tuesday, October 27, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 111
Guests Online: 110
Members Online: 1

Registered Members: 129433
Newest Member: jessievd69
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

SQL injection Blind


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-05-07 01:59
i am on this site that in susceptible to blind sql injection....i was wondering is there a way to find out the name of a table


Author

RE: SQL injection Blind


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-05-07 02:57
that's the point of "blind" SQL injection, you have to guess the table..

first, try to find out the number of columns, ex: index.php?whatever=1 order by 3,4,5,etc

then do:

UNION ALL SELECT lots of nulls.. FROM username,user_name,members,password,pass,etc...

UNION ALL SELECT null,null,null,null(4 columns) FROM members

..correct me if im wrong Shock




Edited by on 27-05-07 02:59
Author

RE: SQL injection Blind


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-05-07 03:04
laverdad wrote:
i am on this site that in susceptible to blind sql injection....i was wondering is there a way to find out the name of a table


ehh, wouldn't you know that having completed the relevant challenges?
of course, people forget things, that's understandable.


Author

RE: SQL injection Blind


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-05-07 04:14
i know how many columns and the name of the columns i need. it is just the table name i need to know. Plus real-world web hacking is not always like these HBH challenges.


Author

RE: SQL injection Blind


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-05-07 04:28
laverdad wrote:
i know how many columns and the name of the columns i need. it is just the table name i need to know. Plus real-world web hacking is not always like these HBH challenges.


oh i know, i know.
=P


Author

RE: SQL injection Blind


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-05-07 04:41
@Laverdad, wanna PM me the link?


Author

RE: SQL injection Blind


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-05-07 04:49
sent it


Author

RE: SQL injection Blind


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-05-07 05:26
try selecting table / column names from the information_schema database. probably won't have access to it though.