1. Welcome to PHCorner Forums. Take a moment to Sign up and gain unlimited access and extra privileges that guests are not entitled to, such as:

    All that and more! Registration is quick, simple and absolutely free. Join our community today!

Help Sql injection

Discussion started by Destroyers, Aug 2, 2016.

  1. Please help me sir.
    The site have only one column
    when i put union all select or union select 1 it showed

    Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/cc1916/public_html/www3/apps/frontend/offres/offre.php on line 419

    Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/cc1916/public_html/www3/apps/frontend/offres/offre.php on line 440

    when I put
    or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1


    I'ts the same output
    I cant get the version and database.
    Please how to get the version,database?
    please comment the command. ty
  2. depreciated na ginagamit mong mysql. gawin mong mysqli lhat ng query mo
  3. I think older version ang database na gamit niya kaya ganyan or maybe confused ka kung ilang column/s ba talaga ang meron siya.
  4. Teach me sir. I don't know how to use mysqli in website
    I don't know where I gonna put this
    function doSearch() {
    $output = '';
    if(isset($_POST['search'])) {
    $searchq = $_POST['search'];
    $searchq = preg_replace ("#[^0-9a-z]#i","",$searchq);
    $sql = "SELECT * FROM entries WHERE name LIKE '%$searchq%' or description LIKE '%$searchq%' or content LIKE '%$searchq%'";
    $query = mysqli_query($connect, $sql);
    $count = mysqli_num_rows($query);
    if($count == 0) {
    $output = '<tr><tr>No results found.</tr></td>';
    } else {
    while($row = mysqli_fetch_array($query)) {
    $eName = $row['name'];
    $eDesc = $row['description'];
    $eCont = $row['content'];
    $id = $row['id'];
    $elvl = $row['level'];
    $ehp = $row['hp'];

    $output .= '<tr><td><a href="http://seersvillage.com/v1.2/npc.php?id=' .$id. '" onclick="document.linkform.submit();">'.$eName.'</a></td><td>'.$eDesc.'</td><td>'.$elvl.'</td><td>'.$ehp.'</td></tr>';
    return $output;
    that just example
  5. ani ba balak mo i achieve? yan ba code mo mo example mo lng
  6. Destroyers kanino po ba ang website na yan? sa iyo po ba yan?
  7. yang code mo kasi n yan png filter lng yan
  8. example ko lang yan

    hindi try ko lang.
    pero d ko naman dedeface papasukin ko lang
    marami kacng site na katulad nyan pero kaya ng iba na pasukin
  9. papasukin? gagayahin mo ba ung code nila or what?
  10. gusto ko ****in din yung site
    pero d ko idedeface
    ang kailangan ko lang yung command para ma **** yung website.
  11. mahirap yan lalo na kung malalaking sites ang i **** mo meron mga security features mga un
    N1ghtmare likes this.
  12. and daming nakaka**** na nung website na hina**** ko.
    natatwa lang ako kac nagaagawan. kada araw iba iba yung defaced page.
    kaya sinubukan ko pero ayaw. dko kaya. papatulong sana ako eh! kac yung ibang site na na incounter ko parehas lang dun. kaya kung malalaman ko kung pano siguro parehas lang sa iba yung command.

    kira111101 parang pamilyar pangalan mo COD3X kaba?
  13. Local o Foreign site ba yan TS?
  14. foreign site
  1. PHCorner uses cookies to help personalise content and tailor your experience. By continuing to use this site, you are consenting to our use of cookies. Accept Learn More
    Dismiss Notice