Donate to us via Paypal!
Ideas are far more powerful than guns.
Sunday, October 25, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 100
Guests Online: 99
Members Online: 1

Registered Members: 129356
Newest Member: zannes90
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

SQL Injection security question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-06 12:39
Hi.

I wanted to know if there are any security holes using this query.

mysql_query('SELECT * FROM news WHERE ' . $query);


I try to get informations from other tables or (if possible) even CHANGE values in other tables.

I tried using
query=; UPDATE news ...
or
query=-- UPDATE news ...

but nothing really worked.

Is there any way doing this? Or at least get informations from other tables?

Thanks in advance.


Author

RE: SQL Injection security question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-06 12:50
im not a php or sql person im more fo a pelr person but i think it would be something like

SELECT * FROM users WHERE password=*

to get a list of every users password


Author

RE: SQL Injection security question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-06 13:00
Well, I'm only able to modify the WHERE-condition.

So
SELECT * FROM news WHERE
is constant
and I am able to change everything behind it.

SELECT * FROM news WHERE 1;
would list all news - but I don't want to see the boring news. I'd like to see all users for example.


Author

RE: SQL Injection security question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-06 13:24
UNION commands?? I'm assuming there's some reason they wouldn't work or you've tried them already but meh... I have really crappy knowledge of SQL


Author

RE: SQL Injection security question

Mr_Cheese
Member



Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 17-12-06 14:31
if you want to select, do a UNION and make sure you finish the sql query with a -- if its SQL or /* if its mysql.


Author

RE: SQL Injection security question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-06 15:55
blind sql injection here you could make the $query equal to 1 AND substring(SYSTEM_USER(),1,1)="a" and this could be used to brute force database information.


Author

ithink


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-01-07 14:59
try brute force




Edited by on 02-01-07 15:01