First of all, I'm not a n00b, so please don't tell me to read some tutorials and learn the basics, because I already know. I'm trying to get information from a table in the database of a particular web site. There is a simple form (username and pass) which is processed by the same index.php that the form is on. First of all I checked cookies, then whether there is any JS (there is none), no hidden stuff (as far as I know), no SSI, so the next thing I tried, logically, was SQL injection. I tried some basics first --> 'OR 1=1-- for username and pass, and I got in. Nothing interesting, because I wanted to get the info of everyone from the database.
Then the stuff became interesting. If I try 'OR 1=1-- for username and blabla for pass, I get this error: DATABASE ERROR: SELECT id, name, surname, uporabniskoime, skupina, lan FROM ajm_mail_userdata WHERE uporabniskoime=''OR 1=1--' AND geslo='blabla' AND cv_flag =1. So good for me, now I know the database name (ajm_mail_userdata) and all the columns. But whatever technique of SQL injection I tried next to get data from the columns (UNION TOP 1.....; UNION ALL; just SELECT,...) it didn't work.
I tried all sorts (that I could think of) of changing ' with " and -- with # and other things. The problem is I always get the error: DATABASE ERROR......! No ODBC error message, so no information whatsoever. So my questions in this long post are:
Why no ODBC error? Is "DATABASE ERROR" telling me something about which system/database is used on that site? Why is UNION,... not working, as it is clear the PHP page is vulnerable to SQL injection? What does cv_flag=1 mean (it must be important because it's joined with the pass query with AND)? And finally, does anyone have any ideas how to break this problem? THANK YOU ALL
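
Seen from the defending side, the error quoted in the post shows two faults in index.php: user input is concatenated into the query, and the failed SQL text is echoed back to the client. The following is an added example, not code from the post or from the site: a hardened version of that lookup using the table and column names from the error text. The function name find_user, the SQLite in-memory database (needs the pdo_sqlite extension), the sample row and the assumption that geslo holds a password_hash() value are all hypothetical.

```php
<?php
// Added example: hardened form of the login lookup quoted in the error message.
// Table and column names come from the post; everything else is assumed.

function find_user(PDO $db, string $username, string $password): ?array
{
    try {
        // Placeholders keep user input out of the SQL text entirely.
        $stmt = $db->prepare(
            'SELECT id, name, surname, uporabniskoime, skupina, lan, geslo
               FROM ajm_mail_userdata
              WHERE uporabniskoime = :u AND cv_flag = 1'
        );
        $stmt->execute([':u' => $username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Details go to the server log; the client never sees the query.
        error_log('login query failed: ' . $e->getMessage());
        return null;
    }
    // Assumption: geslo stores a password_hash() value, not plaintext.
    if ($row === false || !password_verify($password, $row['geslo'])) {
        return null;
    }
    unset($row['geslo']); // never hand the hash back to the caller
    return $row;
}

// Constructed in-memory database and sample row so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ajm_mail_userdata (id INTEGER PRIMARY KEY, name TEXT,
    surname TEXT, uporabniskoime TEXT, geslo TEXT, skupina TEXT, lan TEXT,
    cv_flag INTEGER)');
$ins = $db->prepare('INSERT INTO ajm_mail_userdata
    (name, surname, uporabniskoime, geslo, skupina, lan, cv_flag)
    VALUES (?, ?, ?, ?, ?, ?, 1)');
$ins->execute(['Ana', 'Novak', 'anovak',
    password_hash('s3cret', PASSWORD_DEFAULT), 'staff', 'sl']);

var_dump(find_user($db, 'anovak', 's3cret') !== null); // correct credentials
var_dump(find_user($db, "'OR 1=1--", "'OR 1=1--"));     // input bound as a literal name
var_dump(find_user($db, "'OR 1=1--", 'blabla'));        // no SQL error reaches the client
```

Because the failure path returns the same null for a bad username, a bad password and a database error, the response no longer discloses the query, the table name or the column list.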