1. Welcome to PHCorner Forums. Take a moment to Sign up and gain unlimited access and extra privileges that guests are not entitled to, such as:

    All that and more! Registration is quick, simple and absolutely free. Join our community today!

Help Sql injection

Discussion in 'Coding, Programming' started by Destroyers, Aug 2, 2016.

  1. Please help me sir.
    The site have only one column
    when i put union all select or union select 1 it showed

    Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/cc1916/public_html/www3/apps/frontend/offres/offre.php on line 419

    Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/cc1916/public_html/www3/apps/frontend/offres/offre.php on line 440

    when I put
    or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1


    I'ts the same output
    I cant get the version and database.
    Please how to get the version,database?
    please comment the command. ty
  2. kira111101

    kira111101 Addict Established

    depreciated na ginagamit mong mysql. gawin mong mysqli lhat ng query mo
  3. I think older version ang database na gamit niya kaya ganyan or maybe confused ka kung ilang column/s ba talaga ang meron siya.
  4. Teach me sir. I don't know how to use mysqli in website
    I don't know where I gonna put this
    function doSearch() {
    $output = '';
    if(isset($_POST['search'])) {
    $searchq = $_POST['search'];
    $searchq = preg_replace ("#[^0-9a-z]#i","",$searchq);
    $sql = "SELECT * FROM entries WHERE name LIKE '%$searchq%' or description LIKE '%$searchq%' or content LIKE '%$searchq%'";
    $query = mysqli_query($connect, $sql);
    $count = mysqli_num_rows($query);
    if($count == 0) {
    $output = '<tr><tr>No results found.</tr></td>';
    } else {
    while($row = mysqli_fetch_array($query)) {
    $eName = $row['name'];
    $eDesc = $row['description'];
    $eCont = $row['content'];
    $id = $row['id'];
    $elvl = $row['level'];
    $ehp = $row['hp'];

    $output .= '<tr><td><a href=" Please or Register to view links' .$id. '" onclick="document.linkform.submit();">'.$eName.'</a></td><td>'.$eDesc.'</td><td>'.$elvl.'</td><td>'.$ehp.'</td></tr>';
    return $output;
    that just example
  5. kira111101

    kira111101 Addict Established

    ani ba balak mo i achieve? yan ba code mo mo example mo lng
  6. DestroyersDestroyers kanino po ba ang website na yan? sa iyo po ba yan?
  7. kira111101

    kira111101 Addict Established

    yang code mo kasi n yan png filter lng yan
  8. example ko lang yan

    hindi try ko lang.
    pero d ko naman dedeface papasukin ko lang
    marami kacng site na katulad nyan pero kaya ng iba na pasukin
  9. kira111101

    kira111101 Addict Established

    papasukin? gagayahin mo ba ung code nila or what?
  10. gusto ko hackin din yung site
    pero d ko idedeface
    ang kailangan ko lang yung command para ma hack yung website.
  11. kira111101

    kira111101 Addict Established

    mahirap yan lalo na kung malalaking sites ang i hack mo meron mga security features mga un
    N1ghtmare likes this.
  12. and daming nakakahack na nung website na hinahack ko.
    natatwa lang ako kac nagaagawan. kada araw iba iba yung defaced page.
    kaya sinubukan ko pero ayaw. dko kaya. papatulong sana ako eh! kac yung ibang site na na incounter ko parehas lang dun. kaya kung malalaman ko kung pano siguro parehas lang sa iba yung command.

    kira111101 parang pamilyar pangalan mo COD3X kaba?
  13. Local o Foreign site ba yan TS?
  14. foreign site
Tags / Keywords: