| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050801114931.3992A1F50B1@ws1-2.us4.outblaze.com> Date: Mon Aug 1 12:51:13 2005 From: stfu at consultant.com (none neither) Subject: courious blind sql topic.. I was just learning about sql injection and it's blind recall, and I have some questions: With the sentence " and MID($$$FIELD$$$,1,1) like CHAR(37) " and some bruteforce I went through php's special chars protection and was able to get thinks like: http://www.phrack.org/author.php?a=290 and MID($$$FIELD$$$,1,1) like CHAR(37) user() of query: phracksql@...alhost database() fo query: phrack version of mysql: 4.0.18... I was also able to get the names of the field in the query using the following sentence: http://www.phrack.org/author.php?a=290 and MID($$$FIELD$$$,1,1) like CHAR(37) and I've found these in my example: - id, date, name, title but when the field is empty (for example: ?a=300 and MID(email,1,1) like CHAR(37) author 300 has no email in database ) I get no clear response as with a=290.. Is there a better select to get a field even if it's empty? I've tried to find the number of fields or the name of the table in the database, but alltough it's mysql4.x I was not able to build a workingn union yet.. I'll work in it. Thanks in advance.. stfu -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm
Powered by blists - more mailing lists