nightsider wrote:got a problem i used the correct injection to view the number of tables in the db, but my browser wont load the jpgs im using the latest ver of firefox and i am running win vista any help u can give me would be apreciated
If you run the injection and receive broken images.....take a look at the source code of those images.
does the source present a doorway to new possibilities, or is it simply telling us that we messed up? I finally realized that there were GET-using pages staring me in the face...when I tried to sql-exploit them, I got a broken image. Not sure if this means "try, try again" or "use this to do something else" From what I've read throughout the forum, I just need to find the right command. I'm currently checking out a resource that tells me I need to use error messages to figure out table names, column names, etc. However, The only error messages I've managed to get are a broken image and the one just about everyone has gotten after messing with the email input box. I've seen posts about nulls to compensate for column number disparities, but I don't know how to find those disparities. I've been checking out http://www.securiteam.com/securityreviews/5DP0N1P76E.html
...does anyone have a more relevant source of information on SQL injections? The last link isn't that great.
btw, @those trying to figure out what to do with the email list once they have it, I STRONGLY suggest that you read previous posts before filling the forum with near-identical questions...your laziness makes it harder for the rest of us to find information. "Thanks in advance"