ZeroCold Posted March 9, 2011 Author Report Share Posted March 9, 2011 @ZeroCold: Referitor la tutorialul tau,am luat un site gasit pe net am urmat pasii de mai sus,toate bune si frumoase pana la aflarea tabelelor "http://www.primariapades.ro/index.php?page=-1%20union%20all%20select%201,2,3,4,table_name,6%20from%20information_schema.tables--" i-mi da o eroare si nu arate numele tabelelor. Mersi anticipat! http://www.primariapades.ro/index.php?page=1+and+1=2+union+all+select+1,2,3,4,group_concat%28convert%28table_name%20using%20latin1%29%29,6+from+information_schema.tables--.... Link to comment Share on other sites More sharing options...
GarryOne Posted March 9, 2011 Report Share Posted March 9, 2011 @ZeroCold ce fel de sqli e asta? cu convert,latin, using, 1+and+1=2vad ca e ceva avansat, daca ai putea sa faci un tutorial cu trucuri sqli ceva mai avansate de genu asta. Link to comment Share on other sites More sharing options...
Owneru24 Posted March 10, 2011 Report Share Posted March 10, 2011 Merci! Am bagat la bibilica +1 Link to comment Share on other sites More sharing options...
Owneru24 Posted March 10, 2011 Report Share Posted March 10, 2011 @Garry Nu este 1+and+1,este 1 and 1=2 si este o sintaxa adevarata "+" este pus de pus in loc de spatiu de unele browsere Link to comment Share on other sites More sharing options...
colalov_bt Posted March 10, 2011 Report Share Posted March 10, 2011 salut am incercat toate injecturile poate rezolvati voi http://www.primariamaldaresti.ro/displayimage.php Link to comment Share on other sites More sharing options...
totti93 Posted March 11, 2011 Report Share Posted March 11, 2011 Poti folosi unhex (hex (v)) in loc de convert using latin1 ca sa afiseszi rezultatul in pagina... Link to comment Share on other sites More sharing options...
zonamea Posted March 11, 2011 Report Share Posted March 11, 2011 F interesant, Bv Link to comment Share on other sites More sharing options...
Owneru24 Posted March 12, 2011 Report Share Posted March 12, 2011 Totusi era un amarat de site! -1 pt cine i-a schimbat parola si a pus prostiile alea pe acolo! Nu asa se procedeazaPrimaria Pades -=www.primariapades.ro=- Link to comment Share on other sites More sharing options...
afcrapid Posted March 13, 2011 Report Share Posted March 13, 2011 Mersi,am iinvatat si eu SQL injection..dar imi dati si mie un scanner bun sau cateva situri vulnerabile? Link to comment Share on other sites More sharing options...
SilentPH Posted May 15, 2011 Report Share Posted May 15, 2011 (edited) Am si eu o intrebare . Daca nu e username , user , password , pass ... Ce sa incerc ?//Mersi zero Edited May 15, 2011 by SilentPH Link to comment Share on other sites More sharing options...
ZeroCold Posted May 15, 2011 Author Report Share Posted May 15, 2011 Am si eu o intrebare . Daca nu e username , user , password , pass ... Ce sa incerc ?user_nameusrpasswduser_passuser_passwduser_passwordpassword_hashpwd... Link to comment Share on other sites More sharing options...
AdRyAnOTeAm Posted May 21, 2011 Report Share Posted May 21, 2011 +1 foarte bun tutorialul Link to comment Share on other sites More sharing options...
buton Posted July 20, 2011 Report Share Posted July 20, 2011 Sunt foarte multi copii care cred ca daca dau copy/paste in browser la o sintaxa sql gata sunt 'hackers'. Asa cum a zis cineva mai devreme e foarte important sa fi creativ si sa intelegi cu adevarat ce inseamna o baza de date si cum extragi datele din ea cel mai simplu si cel mai eficient Link to comment Share on other sites More sharing options...
unknown. Posted July 20, 2011 Report Share Posted July 20, 2011 Scuze ca dezgrop topicul dar...)) Vai cum stia el sa aproximeze, era fix 27% din SQL Injection.A uitat sa spuna virgula 2Bravo pentru tutorial,mie mi-a fost de folos +1 rep Link to comment Share on other sites More sharing options...
maG1c Posted August 24, 2011 Report Share Posted August 24, 2011 M-am blocat la aflarea versiunii. Am reusit sa aflu numarul de coloane si coloana vulnerabila. In cazul meu, site-ul are 6 coloane , iar coloana vulnerabila e 4. Si care-i problema? Pai introduc sintaxa asta "union all select 1,@@version,3,4-- " dar nu inteleg ce ar trebuie sa modific sa introduc numarul meu de coloane sau coloana vulnerabila. Adica in sintaxa asta, ce este acel "1" , "3", "4" .. numarul de coloane, versiunea sau ce? Astept raspuns Link to comment Share on other sites More sharing options...
oMSQo Posted December 18, 2011 Report Share Posted December 18, 2011 imi apare linkul cu %92 la sfarsit de ce? Link to comment Share on other sites More sharing options...
andreis Posted December 27, 2011 Report Share Posted December 27, 2011 se poate incerca cu orice link, sau doar anumite linkuri sunt vulnerabile? Link to comment Share on other sites More sharing options...
lukiller Posted February 1, 2012 Report Share Posted February 1, 2012 am si eu o intrebare, am incercat pe alt site dar cand dau order by 100 sau by 1 tot aceiasi eroare gasesc..ce pot sa mai incerc pt asta? mersi Link to comment Share on other sites More sharing options...
totti93 Posted February 1, 2012 Report Share Posted February 1, 2012 @lukiller Sunt `N` moduri in care poti injecta un query SQL. Suntem ghicitori in palme ca sa stim ce ai gresit? Posteaza vulnerabilitatea, nu ne pune sa ghicim! Link to comment Share on other sites More sharing options...
rkq2pj Posted February 1, 2012 Report Share Posted February 1, 2012 Poate sa ma ajute cineva nu stiu daca am gasit bine vulnerabilitatea ca nu imi da eroare TerminatioN Silkroadsau..::Atomix Silkroad::.. - Silkroad Private Serverputeti sa spargeti aci fara probleme sunt servere ilegale private Link to comment Share on other sites More sharing options...
totti93 Posted February 1, 2012 Report Share Posted February 1, 2012 Unde e vulnerabilitiatea? Crezi ca-ti va sparge cineva site-ul?Thread title == "[Tutorial]Sql injection"Eu nu vad niciun SQLi... Link to comment Share on other sites More sharing options...
darkky84 Posted February 1, 2012 Report Share Posted February 1, 2012 Great Treasure GroupVad ca are 5 coloane, dar ma blochez la union all select 1,2,3,4,5-- ; da eroarea The used SELECT statements have a different number of columns Link to comment Share on other sites More sharing options...
BidiCooL Posted February 1, 2012 Report Share Posted February 1, 2012 se poate incerca cu orice link, sau doar anumite linkuri sunt vulnerabile?si eu as vrea sa stiu asta.. Link to comment Share on other sites More sharing options...
BidiCooL Posted February 1, 2012 Report Share Posted February 1, 2012 Great Treasure GroupVad ca are 5 coloane, dar ma blochez la union all select 1,2,3,4,5-- ; da eroarea The used SELECT statements have a different number of columnsaceeasi problema si la mine Link to comment Share on other sites More sharing options...
darkky84 Posted February 1, 2012 Report Share Posted February 1, 2012 Okay, am reusit sa gasesc user si password la un site, dar nu gasesc login page.Site-ul este: 1031 Exchange | Tax Deferred Exchange | Qualified Intermediary Link to comment Share on other sites More sharing options...