
sql injection stuck! – 2 Posts

  • sql injection stuck!

    03/19/2008 11:47
    Visualq's Avatar Visualq 60
    Recently I got the hang of sql injection and started to understand it better and better. However, I've come across a few sites which had some difficulty to inject. Right.
    (note: I did notify all owners of the website. Such a good boy! sigh)

    One website was running osCommerce with a vulnerable poll plugin.. At least I think it's vulnerable.
    When I did a
        /results/pollid/999' union select 1 from customers --
    right resulted in a lack of defined columns.
        SELECT pollid, timeStamp FROM phesis_poll_desc WHERE pollid='999' union select 1 from customers -- '
    was what I got in return.
    So pollid and timestamp eh.. guess we'll add another 1
        /results/pollid/999' union select 1,1 from customers --
    Right, that would work, however the query appears to be run twice on 2 different tables.
        SELECT optionText from phesis_poll_data where pollid='999' union select 1,1 from customers -- ' and voteid='0' and language_id = '4'
    which only has 1 column..

    Just for educational purpose only, how would I go around this? 'cause it's bugging me.. :(

    Visualq.
  • 03/19/2008 11:47
    UnknownUser's Avatar UnknownUser 2,7290
    First of all, I would advise against reporting; nowadays it only gets you in trouble. Certainly in ecommerce sites, if an osCommerce site was vulnerable, it was most likely googled from the moment some hackers knew of the vuln. And I'm guessing they keep payment details. You do not want to be their scapegoat when things go badly.

    Second of all, there are methods around that, that work depending on some factors, however, I am done injecting information in this website. Contact me on a good day privately, or wait for someone else to provide the solution here.
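
Added example, not part of either post above and not the plugin's own code: the two queries quoted in the first post share one concatenated pollid value and the site echoes the failing SQL back, so the fix is to validate the id once, bind it in both queries, and return a generic error. SQLite in memory stands in for the site's database; the schema rows, function names and handler are constructed assumptions.

```python
import re
import sqlite3

# The input quoted in the first post.
PAYLOAD = "999' union select 1,1 from customers -- "

def make_db():
    # Constructed stand-in schema; only table/column names come from the post.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE phesis_poll_desc (pollid TEXT, timeStamp TEXT);
        CREATE TABLE phesis_poll_data (pollid TEXT, voteid TEXT,
                                       language_id TEXT, optionText TEXT);
        CREATE TABLE customers (id INTEGER);
        INSERT INTO phesis_poll_desc VALUES ('7', '2008-03-19');
        INSERT INTO phesis_poll_data VALUES ('7', '0', '4', 'Yes');
        INSERT INTO customers VALUES (1);
    """)
    return db

def poll_desc_concatenated(db, pollid):
    # Pattern implied by the echoed query: the URL value is pasted into the SQL.
    sql = ("SELECT pollid, timeStamp FROM phesis_poll_desc "
           "WHERE pollid='" + pollid + "'")
    return db.execute(sql).fetchall()

def poll_desc_bound(db, pollid):
    # Bound parameter: the whole string is compared as data, never parsed as SQL.
    return db.execute("SELECT pollid, timeStamp FROM phesis_poll_desc "
                      "WHERE pollid = ?", (pollid,)).fetchall()

def poll_options_bound(db, pollid, language_id):
    return db.execute("SELECT optionText FROM phesis_poll_data WHERE pollid = ? "
                      "AND voteid = '0' AND language_id = ?",
                      (pollid, language_id)).fetchall()

def handle_request(db, pollid, language_id="4"):
    # Hypothetical handler: validate once, bind in both queries, and return a
    # generic error instead of echoing the SQL text back to the client.
    if not re.fullmatch(r"[0-9]{1,10}", pollid):
        return 400, "invalid poll id"
    try:
        return 200, (poll_desc_bound(db, pollid),
                     poll_options_bound(db, pollid, language_id))
    except sqlite3.Error:
        return 500, "internal error"
```

With the bound version the quoted input matches no poll and changes no query structure; the numeric check rejects it before any SQL runs.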