Results 1 to 4 of 4

Thread: SQLi - MySQL

  1. #1
    Just burned his ISO
    Join Date
    Oct 2012

    Default SQLi - MySQL

    Good evening all,

    I'm in the process of attempting to exploit a SQLi vulnerability detected by Nessus scanner on a web application I've downloaded. Before getting flamed, I just want to say that I've spent countless hours doing tons of research and studied many training materials but I've never run across this situation. In this particular case, the SQLi vulnerability is actually in the HTTP Headers (Referrer). However, what's weird to me is that a single quote (') is the ONLY thing that triggers an MySQL_num_rows() error. Tried many blind sqli techniques and even some time-based from learning resources, but it seems like nothing has an effect other than putting a single quote (which only generates a mysql_numrows() error), or even if I add 3, 5, etc.

    Any advice on what I'm doing wrong / missing, please let me know. I appreciate any feedback.

  2. #2
    Senior Member daedalus1776's Avatar
    Join Date
    Jan 2012

    Default Re: SQLi - MySQL

    Need more information. What are some examples of what you've tried? And what kind of web application? Can you do authentication bypass with the following?:
    ' or 1=1; #

  3. #3
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010

    Default Re: SQLi - MySQL

    Along with the tick have you tried various positive & negative clauses? Have you tried different comment constructs? (--, #, /*) What about setting referrer to null or wildcard?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    The Crystal Wind

    Default Re: SQLi - MySQL

    Which app? Might be easier if we can see the block of code causing you grief
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

Similar Threads

  1. BT5 + Pyrit + MySQL
    By Si2006 in forum BackTrack 5 General Topics
    Replies: 0
    Last Post: 03-04-2012, 11:48 AM
  2. Mysql configure fix
    By galeran in forum OLD BackTrack 4 Software Related Issues
    Replies: 0
    Last Post: 12-23-2009, 03:43 PM
  3. Mysql is killing me
    By koolzfire in forum OLD Newbie Area
    Replies: 1
    Last Post: 06-30-2009, 05:20 AM
  4. Sun buy MySQL
    By Re@lity in forum OLD General IT Discussion
    Replies: 4
    Last Post: 01-18-2008, 04:26 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts