MySQL SQL injection through ORDER BY

Discuss how to write good code, break bad code, your current pet projects, or the best way to approach novel problems

MySQL SQL injection through ORDER BY

Post by StandaxXx on Fri Aug 19, 2011 6:25 pm
([msg=61012]see MySQL SQL injection through ORDER BY[/msg])

I was trying to make a SQL injection according to this article:

http://josephkeeler.com/2009/05/php-security-sql-injection-in-order-by/

I already prepared the injections for scanning the tables from information_schema but doing it manualy is very boring. I want to make some script to search the web page, then read the answer and reload it with different variables. Then in the end it should display the results. I have some knowladge in programming, but I am not sure what language would be best for this purpose. Thanks for any help.
StandaxXx
New User
New User
 
Posts: 1
Joined: Fri Aug 19, 2011 4:14 pm
Blog: View Blog (0)


Re: MySQL SQL injection through ORDER BY

Post by centip3de on Fri Aug 19, 2011 10:49 pm
([msg=61015]see Re: MySQL SQL injection through ORDER BY[/msg])

StandaxXx wrote:I was trying to make a SQL injection according to this article:

http://josephkeeler.com/2009/05/php-security-sql-injection-in-order-by/

I already prepared the injections for scanning the tables from information_schema but doing it manualy is very boring. I want to make some script to search the web page, then read the answer and reload it with different variables. Then in the end it should display the results. I have some knowladge in programming, but I am not sure what language would be best for this purpose. Thanks for any help.


I quite honestly would use Python, as it is my favorite, it's fairly easy, has massive documentation, and has a very good urllib/urllib2 library. Though this is quasi-illegal (so I won't go in-depth, just skim the surface), you would want to input a website, attach the test for sql injections to the end, download the page, search the page for tokens, if it worked, proceed, etc.

On a side-note, though doing things manually is boring, repetition is the easiest way to memorize. Where-as a program would do all the memorizing for you, and ruin the learning process.

~Cent
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1443
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)



Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests