Thursday, April 24, 2014

Author

Tiny sql-injection problem.


Member

Guest
Posted on 02-02-10 04:52
Hey. Yes, little UNION based sql-injection problem.

xxx.php?id=1 order by 1/* Brings back the actual website.
xxx.php?id=1 order by 2/* Gives an error: Unknown column '2' in 'order clause'.

So we have only 1 column.

The problem is, when I try to:
xxx.php?id=1 union all select 1/* It gives an error:
The used SELECT statements have a different number of columns.

0_o.. ideas?


Author

RE: Tiny sql-injection problem.

AldarHawk
Member



Posts: 1690
Location: Canada
Joined: 26.01.06
Rank:
Hacker Level 1
Posted on 02-02-10 16:06
Try other options. Try select. Keep testing it until you get the results you want. Be creative.


Just ask Yahoo!Taboo! http://www.erikwestlake.com
Author

RE: Tiny sql-injection problem.


Member

Guest
Posted on 03-02-10 02:15
Select won't make a difference.

Basically what is happening is that there are at least two different select statements that the site is pulling from xxx.php?id=1.

So one statement may be selecting from a table that has only 1 column, but the statement that you are looking for (and where the data is being written out) is selecting from a different table with more than 1 column. Just to be sure, try UNION ALL SELECT 1111111/* and then do a Ctrl+F in the source code for 1111111. If it shows up then you're golden.

Most likely though it won't show up and you'll have to figure out how many columns are in the other table that it is selecting from. Try doing ORDER BY 100/*... Do you get the same error?
Does the error show up where the content is, but the rest of the page loads normally? Or is it a white screen with the error message? If it's a white screen then most likely you won't be able to exploit it.
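
The cause described in the last reply, reproduced from the application side as an added example (not part of the original thread): one request parameter is concatenated into two queries with different column counts, so each test string fails in a different query, and binding the parameter removes both errors. The table names, function names and sample rows are hypothetical, SQLite stands in for the site's database (its error wording differs), and the inputs omit the trailing `/*`.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sections(id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE articles(section_id INTEGER, title TEXT, body TEXT);
        INSERT INTO sections VALUES (1, 'news');
        INSERT INTO articles VALUES (1, 'hello', 'first post');
    """)
    return db

# Both queries are built from the same request parameter.
Q_SECTION = "SELECT name FROM sections WHERE id = "            # 1 column
Q_ARTICLES = ("SELECT section_id, title, body FROM articles "  # 3 columns
              "WHERE section_id = ")

def render_vulnerable(db, raw_id):
    """Concatenate raw_id into both queries; report which one failed."""
    for label, prefix in (("section", Q_SECTION), ("articles", Q_ARTICLES)):
        try:
            db.execute(prefix + raw_id).fetchall()
        except sqlite3.Error as exc:
            return label, str(exc)
    return None, "ok"

def render_hardened(db, raw_id):
    """Accept only an integer id, then pass it as a bound parameter."""
    try:
        ident = int(raw_id)
    except ValueError:
        return "rejected", []
    section = db.execute(Q_SECTION + "?", (ident,)).fetchall()
    articles = db.execute(Q_ARTICLES + "?", (ident,)).fetchall()
    return "ok", section + articles

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 ORDER BY 1", "1 ORDER BY 2", "1 UNION ALL SELECT 1"):
        print(repr(value), render_vulnerable(db, value), render_hardened(db, value))
```

The `ORDER BY 2` failure comes from the one-column query and the `UNION ALL SELECT 1` failure from the three-column query, which is why the two observations in the first post appear to contradict each other.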