Learn Security Online
[Advertise With HackThisSite.org]

Hack This Site - Forums Index

MySQL SQL injection through ORDER BY

Discuss how to write good code, break bad code, your current pet projects, or the best way to approach novel problems
Post a reply

MySQL SQL injection through ORDER BY

Post by StandaxXx on Fri Aug 19, 2011 6:25 pm
([msg=61012]see MySQL SQL injection through ORDER BY[/msg])

I was trying to make a SQL injection according to this article:

http://josephkeeler.com/2009/05/php-security-sql-injection-in-order-by/

I already prepared the injections for scanning the tables from information_schema but doing it manualy is very boring. I want to make some script to search the web page, then read the answer and reload it with different variables. Then in the end it should display the results. I have some knowladge in programming, but I am not sure what language would be best for this purpose. Thanks for any help.
StandaxXx
New User
New User
 
Posts: 1
Joined: Fri Aug 19, 2011 4:14 pm
Blog: View Blog (0)

Re: MySQL SQL injection through ORDER BY

Post by centip3de on Fri Aug 19, 2011 10:49 pm
([msg=61015]see Re: MySQL SQL injection through ORDER BY[/msg])

StandaxXx wrote:I was trying to make a SQL injection according to this article:

http://josephkeeler.com/2009/05/php-security-sql-injection-in-order-by/

I already prepared the injections for scanning the tables from information_schema but doing it manualy is very boring. I want to make some script to search the web page, then read the answer and reload it with different variables. Then in the end it should display the results. I have some knowladge in programming, but I am not sure what language would be best for this purpose. Thanks for any help.


I quite honestly would use Python, as it is my favorite, it's fairly easy, has massive documentation, and has a very good urllib/urllib2 library. Though this is quasi-illegal (so I won't go in-depth, just skim the surface), you would want to input a website, attach the test for sql injections to the end, download the page, search the page for tokens, if it worked, proceed, etc.

On a side-note, though doing things manually is boring, repetition is the easiest way to memorize. Where-as a program would do all the memorizing for you, and ruin the learning process.

~Cent
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1237
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)
Post a reply

Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests

Disclaimer :
HackThisSite does not support illegal activities.
The management of this board is not responsible for the content of any external internet sites.
Powered by phpBB © 2000-2009 phpBB Group
Carbon Style By Echo -=Designs By Echo=- © 2007 Echo
Administration Control Panel