Guest Praetorian, posted June 29, 2009:
Or, more easily, scan the host's IP to see which ports/services it has open!

M4T3!, posted June 30, 2009:
What if I get character_maximum_length? What can I do?
I added this to a site:
9%20union%20all%20select%201,column_name,3,4,5,6%20from%20information_schema.columns%20limit%2021,1
and it returns character_maximum_length. What should I do?

mosulica, posted July 7, 2009:
On an SQLi, order by 5-- works for me.. everything is okay; when I run union select 1,2,3,4,5-- it throws an error:
The used SELECT statements have a different number of columns

Ethereal, posted July 7, 2009:
Maybe it has more than 5 columns.

mosulica, posted July 8, 2009:
sqli: union all select 1,2,3,4
it shows: Operand should contain 1 column(s) :confused:
Does anyone have a hint?

mosulica, posted July 8, 2009:
It gives no results.. same error.. there are definitely 4 columns, I checked with order by.. but that damn error still shows up.

Foton, posted August 15, 2009:
It has 4 columns.. try it on another site too (I know one, I know its vulnerability, pitty's program detects it for me, but if I add ' and press enter it redirects me to the main page).

BennyKA, posted April 14, 2010:
But what if the address has the form
http://xxxxxxxxx.ro/product--western-digital-160gb-caviar-blue-7200rpmpata8mb-wd1600aajb--81.html

Nytro, posted April 14, 2010:
Mod_rewrite; the idea is the same, but it can cause you problems.
http://xxxxxxxxx.ro/product--western-digital-160gb-caviar-blue-7200rpmpata8mb-wd1600aajb--81.html
I think the variable is product and the ID is 81. The rest is the product name, for SEO.

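Server-side view of the rewritten URL discussed above, as an added example that is not part of any post in the thread: the handler takes only the trailing numeric ID from the path and passes it to the query as a bound parameter. The route pattern, table and function names are assumptions, and SQLite stands in for the site's database.

```python
import re
import sqlite3

# Assumed route shape, taken from the URL in the post:
#   /product--<seo-slug>--<id>.html   (the slug is cosmetic, only <id> is used)
PRODUCT_ROUTE = re.compile(r"/product--[a-z0-9-]+--([0-9]{1,9})\.html")


def make_db():
    """Constructed in-memory catalogue standing in for the shop database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO products VALUES (81, 'WD 160GB Caviar Blue')")
    return db


def handle(db, path):
    """Return (status, body) for a request path.

    The whole path must match the route; a quote, a space, a %-escape or any
    other extra text in the ID position fails the match and never reaches SQL.
    """
    m = PRODUCT_ROUTE.fullmatch(path)
    if m is None:
        return 404, "Not found"
    product_id = int(m.group(1))
    # Bound parameter: the value is sent as data, not spliced into the SQL text.
    row = db.execute(
        "SELECT name FROM products WHERE id = ?", (product_id,)
    ).fetchone()
    if row is None:
        return 404, "Not found"
    return 200, row[0]


if __name__ == "__main__":
    db = make_db()
    for p in (
        "/product--western-digital-160gb-caviar-blue-7200rpmpata8mb-wd1600aajb--81.html",
        "/product--x--81'.html",
        "/product--x--82.html",
    ):
        print(p, "->", handle(db, p))
```
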
BennyKA, posted April 15, 2010:
It doesn't work! It still tells me the page does not exist!

chicco_10, posted April 23, 2010:
I would like a video to be made, if possible.... I don't understand, and it's no use.. I added ' after the address and nothing happens. I tried with an address found on the forum.

pelican, posted September 6, 2010:
What if I did this on a site, I found out the user and password.. just to see if it works; on the FTP login, though, it gave me a time-out.. and afterwards it also times out when I try to access the site.. is that bad? (through a proxy the site works.. but from my IP it times out)

zonamea, posted September 6, 2010:
Very useful, thanks

bcman, posted September 6, 2010:
Quote: "Very useful, thanks"
Very useless post of yours. We do not thank you.

D00mnezeu, posted September 7, 2010:
FCRapid.ro
gave the error
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/fcrapid/public_html/stire.php on line 182
next what? ..because order by () doesn't work ...that is, it gives the error even at order by 1--

Nytro, posted September 7, 2010:
I don't understand why you complicate things for yourselves. If you don't know SQL, you will never know SQL Injection. Learn SQL (any, MySQL, Postgre, Oracle...), then start on SQL Injection.

wizardruls, posted September 7, 2010:
Install MySQL version 5 (so that it contains information_schema), then read a few tutorials about SQL, learn the statements for querying a database, and after that everything will seem easier, and you will be a bit smarter.
You cannot do MySQL injection if you don't know what union all means.

ZeroCold (Author), posted September 7, 2010 (edited September 7, 2010 by ZeroCold):
Quote: "gave the error
next what? ..because order by () doesn't work ...that is, it gives the error even at order by 1--"
Learn this:
http://www.oriceon.com/tutorial_v2.1.rar
then this:
http://rstcenter.com/forum/25566-tutorial-sqli-structured-query-language-injection.rst
and see what else you find around here...
Edit: I recommend you use Easy PHP; it contains everything you need (PHP, Apache, MySQL, phpmyadmin etc...). You will find a download link in the tutorial from oriceon.
Official site:
http://www.easyphp.org/

anormal, posted January 1, 2011:
Thanks for the tutorial

Alynutza, posted January 13, 2011:
Can someone give me a vulnerable site too? To see if I understood anything from here :D

darksideovi, posted January 14, 2011:
Ping: 79.71.236.98 check this

scorpy0n, posted February 3, 2011 (edited February 4, 2011 by scorpy0n):
Quote: "Tutorial SQL Injection
STEP 6:
- to find out the version we put, in place of the vulnerable columns (4-2): @@version
- it will look like this:
(I chose 2, you can also choose 4; what matters is that it is a number that appears on the page)
Note: In place of the number 2 that appeared in the previous step, the version appeared. (the version is: 5.0.32-Debian_7etch8-log)
STEP 7:
- if the version is greater than 5 we use "information_schema"; if it is lower we guess everything."
If the version is lower than 5, what do I have to do?
I tried to guess the table name, I tried many variants but did not succeed.. I also found other vulnerable sites, with an SQL version greater than 5, I found the tables, but I can't manage to extract the admin and the password...

Tanasecn, posted February 22, 2011:
Hi, I keep getting this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Where am I going wrong?

tiodr, posted February 22, 2011:
Quote: "Hi, I keep getting this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Where am I going wrong?"
If you don't tell us the code, we can't figure out where you went wrong :| If you used a code editor such as Dreamweaver CS5, it would have shown you directly where the mistake is ;)

Owneru24, posted March 9, 2011:
@ZeroCold: Regarding your tutorial, I took a site found on the net and followed the steps above, all well and good up to finding the tables
"http://www.primariapades.ro/index.php?page=-1%20union%20all%20select%201,2,3,4,table_name,6%20from%20information_schema.tables--"
it gives me an error and does not show the table names. Thanks in advance!

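For whoever runs a site on the receiving end of requests like the ones quoted in this thread, an added example (not code from any post) that flags them in a web access log: it URL-decodes each request target and matches the order by, union select, information_schema and @@version patterns seen above. The log lines, client addresses, paths and rule names are constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (combined-log style, documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.20 - - [09/Mar/2011:10:00:41 +0200] "GET /index.php?page=3 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/Mar/2011:10:01:09 +0200] "GET /index.php?page=3%20order%20by%205-- HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/Mar/2011:10:02:30 +0200] "GET /index.php?page=-1%20union%20all%20select%201,2,3,4,table_name,6%20from%20information_schema.tables-- HTTP/1.1" 200 812',
    '203.0.113.7 - - [09/Mar/2011:10:03:02 +0200] "GET /index.php?page=-1%20union%20all%20select%201,@@version,3,4,5,6-- HTTP/1.1" 200 790',
    '198.51.100.20 - - [09/Mar/2011:10:04:15 +0200] "GET /search.php?q=student+union+elections HTTP/1.1" 200 2048',
]

RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\.(?:tables|columns)\b"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+\s*(?:--|#)"),
    "version_probe": re.compile(r"@@version\b"),
}
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[0-9.]+"')


def normalize(target):
    """Decode until stable so every encoded form of a target compares equal."""
    for _ in range(3):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return re.sub(r"\s+", " ", target).lower()


def classify(target):
    """Return the sorted names of the rules that match one request target."""
    text = normalize(target)
    return sorted(name for name, rx in RULES.items() if rx.search(text))


def scan(lines):
    """Map client address -> set of rule names seen in its requests."""
    hits = {}
    for line in lines:
        m = LOG_LINE.match(line)
        if m and (names := classify(m.group(2))):
            hits.setdefault(m.group(1), set()).update(names)
    return hits


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

An ordinary search for "student union elections" is not flagged, because the union rule requires a following select.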