Post by mikelnmartin on Wed Feb 18, 2009 4:13 pm

First of all, I'm not a n00b, so please don't tell me to read some tutorials and learn the basics, because I already know them. I'm trying to get information from a table in the database of a particular web site. There is a simple form (username and pass) which is processed by the same index.php the form is on. First of all, I check cookies, then whether there is any JS (there is none), no hidden stuff (as far as I know), no SSI, so the next thing I logically tried was SQL injection. I tried some basics first --> 'OR 1=1-- for username and pass, and I got in. Nothing interesting, because I wanted to get the info of everyone from the database.
Then the stuff became interesting. If I tried 'OR 1=1-- for username and blabla for pass, I get this error: DATABASE ERROR: SELECT id, name, surname, uporabniskoime, skupina, lan FROM ajm_mail_userdata WHERE uporabniskoime=''OR 1=1--' AND geslo='blabla' AND cv_flag =1. So, good for me, now I know the database name (ajm_mail_userdata) and all the columns. But whatever technique of SQL injection I tried next to get data from the columns (UNION TOP 1.....; UNION ALL; just SELECT, ...), it didn't work. I tried all sorts (that I could think of) of changing ' with " and -- with # and other things. The problem is I always get the error: DATABASE ERROR......! No ODBC error message, so no information whatsoever.
So my questions in this long post are: Why no ODBC error? Is "DATABASE ERROR" telling me something about which system/database is used on that site? Why is UNION, ... not working, as it is clear the PHP page is vulnerable to SQL injection? What does cv_flag=1 mean (it must be important because it's joined with the pass query with AND)? And finally, does anyone have any ideas how to solve this problem? THANK YOU ALL :)
Re: Need help-please!

Post by thedotmaster on Tue Jul 21, 2009 11:23 am

Maybe you shouldn't be so arrogant. Maybe you know less than you think you do.

Aside from that, "ODBC" shows that the Microsoft SQL server is being used. Maybe they don't use it? Or maybe they are simply catching a SQL error (from querying with invalid SQL) and displaying that as "Database Error".

Try and work out what the SQL is that you are sticking your own SQL into.
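The query quoted in the first post, reconstructed as an added example that is not part of the thread: a constructed SQLite table stands in for the site's unknown DBMS, the column names come from the error message above, and the sample rows and passwords are invented. It shows why `'OR 1=1--` matches every row when input is concatenated into the SQL text, why a malformed quote only produces the generic "DATABASE ERROR" the poster saw, and how a parameterised query treats the same input as a literal username.

```python
import sqlite3

COLS = "id, name, surname, uporabniskoime, skupina, lan"


def make_db():
    """Constructed sample table mirroring the columns in the thread's error message."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE ajm_mail_userdata (
        id INTEGER PRIMARY KEY, name TEXT, surname TEXT, uporabniskoime TEXT,
        geslo TEXT, skupina TEXT, lan TEXT, cv_flag INTEGER)""")
    conn.executemany(
        "INSERT INTO ajm_mail_userdata VALUES (?,?,?,?,?,?,?,?)",
        [(1, "Ana", "Novak", "ana", "s3cret", "admin", "si", 1),   # constructed
         (2, "Bor", "Kos", "bor", "hunter2", "user", "si", 1),     # constructed
         (3, "Cvet", "Zupan", "cvet", "pw", "user", "si", 0)])     # cv_flag=0: inactive
    return conn


def login_vulnerable(conn, username, password):
    """User input is spliced into the SQL text, exactly like the query in the thread."""
    sql = (f"SELECT {COLS} FROM ajm_mail_userdata WHERE uporabniskoime='{username}' "
           f"AND geslo='{password}' AND cv_flag =1")
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error:
        # Any syntax error is swallowed and replaced by a generic message,
        # which is why the site leaks no driver-specific detail.
        return "DATABASE ERROR"


def login_safe(conn, username, password):
    """Parameterised query: the driver binds values, so '--' and quotes are just text."""
    sql = (f"SELECT {COLS} FROM ajm_mail_userdata "
           "WHERE uporabniskoime=? AND geslo=? AND cv_flag=1")
    return conn.execute(sql, (username, password)).fetchall()
```

With the concatenated query the payload comments out both the password check and `cv_flag =1`, so even the inactive account is returned; the parameterised version returns nothing for the same input.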
