setthesun
May 18 2004, 11:59 AM
I'm very good at SQL Injection in MSSQL but I'm not good at MySQL;
So I'm doing a penetration test;
Here is my request;
| QUOTE |
| http://xxxx/xxx/xxxx.php?id=-1/**/UNION/**/SELECT/**/0,0/**/FROM/**/members/* |
And answer from host;
| QUOTE |
| Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 32 in /usr/hosts/xxxx/web/xxx/xxxx.php on line 17 |
What's next? What does this error mean? I couldn't find a good resource. Also, how can I learn table and field names? I'm just guessing here.
Also, for all the other injected requests, the answer is always the same.
migo
May 18 2004, 03:06 PM
please give a good explanation of what u wanna do and what platform u run on so i may help you cuz i spent a lot of time on mysql injection
setthesun
May 18 2004, 04:25 PM
I want to get MYSQL tables, field names, UNION and I want to execute INTO OUT '' style SQL Queries.
Platform : Unix
GAN_GR33N
May 18 2004, 09:24 PM
i'm not exactly sure i know what you mean but if you are trying to get the field names i think you can use the ' having --' command and it will error and shout out the field name it errored in.
hope this helps, good luck
setthesun
May 19 2004, 05:43 AM
| QUOTE (GAN_GR33N @ May 18 2004, 09:24 PM) |
i'm not exactly sure i know what you mean but if you are trying to get the field names i think you can use the ' having --' command and it will error and shout out the field name it errored in.
hope this helps, good luck |
I mean I want to union the current SQL with my own SQL query. If you know what SQL injection is, you have to know what I mean.
Also I want to see field names, and MySQL doesn't support "--"; it uses /* for comments or finishing a query.
whiskah
May 19 2004, 06:02 AM
do u have the code of the php site ur pen testing?
post part of the code on the query used...
schnibble
May 19 2004, 06:39 AM
| QUOTE (setthesun @ May 18 2004, 11:59 AM) |
| http://xxxx/xxx/xxxx.php?id=-1/**/UNION/**/SELECT/**/0,0/**/FROM/**/members/* |
try this:
| CODE |
| http://xxxx/xxx/xxxx.php?id=-1 UNION SELECT null,null FROM members/* |
but as far as i know, u need to know how much data u need to get from that query to successfully inject it. It depends on the rest of the code (PHP, Perl or whatever it is).
u can put %20 instead of spaces (" ") but it shouldn't matter
just remembered something.
That's a warning, so not as important as an error.
And it's a PHP warning, created by MySQL API's.
And more important thing is PHP manual, which says,
| CODE |
mysql_result ( resource result , int row )
will jump to row $row in the output |
so i suppose it tries to jump to row 0 which is a non-existing one. Not a critical error, but enough for a warning.
and here's the new version, full code:
| CODE |
Get result data (PHP 3, PHP 4)
mixed mysql_result ( resource result, int row [, mixed field ] )
mysql_result() returns the contents of one cell from a MySQL result set. The field argument can be the field's offset, or the field's name, or the field's table dot field name (tablename.fieldname). If the column name has been aliased ('select foo as bar from...'), use the alias instead of the column name.
When working on large result sets, you should consider using one of the functions that fetch an entire row (specified below). As these functions return the contents of multiple cells in one function call, they're MUCH quicker than mysql_result(). Also, note that specifying a numeric offset for the field argument is much quicker than specifying a fieldname or tablename.fieldname argument.
Calls to mysql_result() should not be mixed with calls to other functions that deal with the result set. |
download it at www.php.net
hope it helps
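Added example, not part of the thread or of the tested site's code: the warning discussed above appears when a script reads row 0 of a result set that came back empty. The sketch below shows the handler-side fix: integer validation, a bound parameter, an explicit empty-result check, and error display turned off so paths are not leaked. The `articles` table, the `fetchTitle()` helper and the in-memory SQLite database (standing in for MySQL through PDO, and requiring the pdo_sqlite extension) are assumptions.

```php
<?php
// Do not send warnings (with file paths and line numbers) to the browser.
ini_set('display_errors', '0');

// Constructed sample data; table and column names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO articles (id, title) VALUES (1, 'First post')");

/**
 * Hypothetical helper: look up one title by id.
 * Returns the title, or null when the id is malformed or no row matches.
 */
function fetchTitle(PDO $pdo, string $rawId): ?string
{
    // Accept only a plain positive integer; everything else is rejected
    // before any SQL is built.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The value travels as a bound parameter, never as query text.
    $stmt = $pdo->prepare('SELECT title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    // fetchColumn() returns false on an empty result set; handle that case
    // explicitly instead of reading a row that does not exist.
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

// Constructed inputs: a valid id, an id with no row, and the request
// string quoted in the thread.
$inputs = ['1', '999', '-1 UNION SELECT null,null FROM members/*'];
foreach ($inputs as $in) {
    $title = fetchTitle($pdo, $in);
    echo str_pad(var_export($in, true), 48), ' => ',
        $title === null ? 'not found' : $title, PHP_EOL;
}
```

With this shape, a missing row and a malformed id both end in the same "not found" path, so the response no longer differs between them and no PHP warning is produced.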
setthesun
May 19 2004, 11:04 AM
| QUOTE (whiskah @ May 19 2004, 06:02 AM) |
do u have the code of the php site ur pen testing? post part of the code on the query used... |
unfortunately not;
setthesun
May 19 2004, 11:04 AM
Hmmm ok, it means I need to work more on PHP