Donate to us via Paypal!
Capitalism is an Island of wealth in a sea of poverty
Tuesday, October 27, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 127
Guests Online: 126
Members Online: 1

Registered Members: 129433
Newest Member: jessievd69
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

sql tables


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-04-07 23:01
For the past couple of days I've been working on sql injections, and today I found another vulnerable site. When I put an ' into the url (.php?id=') I got an error that said the following:

MYSQL ERROR ------------------------------------------------------- You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 2

query - SELECT categories_id, categories_name, parent_id FROM shop_categories
WHERE categories_id = '''



So my question is, is shop_categories the name of a table that contains the columns named, categories_id, categories_name, and parent_id ?

thanks for any help.




Edited by on 25-04-07 23:02
Author

RE: sql tables

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 25-04-07 23:04
http://www.w3schools.com/sql/sql_select.asp
Author

RE: sql tables


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-04-07 23:05
SELECT fieldlist FROM table WHERE field = *

http://www.unixwi. . .ction.html


Author

RE: sql tables


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-04-07 23:08
Thanks for the quick responses.Smile