Donate to us via Paypal!
Never in the field of human conflict was so much owed by so many to so few. - Winston Churchill
Saturday, November 28, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 88
Guests Online: 88
Members Online: 0

Registered Members: 130551
Newest Member: Louieopito
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

sql injection help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-11-06 14:59
ok so im trying to inj sql that will give me list of emails from certain site. I found a vuln that allows me to inj sql but only certain way. i can only get a single email from user. for exsample:
there is field where your sps to put where ur from(city, etc):
and i sql injection it like this - "Mycity', where description=tb_users.email WHERE user='someuser' --"
so, the description of user 'someuser' becomes his email. What i want is to put ALL emails in ONE user description. Any ideas?
my english is bad, hope u understand what im trying to say..
Author

RE: sql injection help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-11-06 15:26
It depends on how it has been coded and whether is is a while or a simple echo once. You'd have to experiment but in some cases it wont be possible


Author

RE: sql injection help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-11-06 13:43
im not sure what are u trying to say?