Author | Post | ||
avo [none yet] |
Hey everyone :] I tried to look on the internet for how to do some nice sql injection, but it's mostly the "to do be vulnerable to sql injection" tutorials you mostly see on the internet. So I tried a very easy first step: I made a php page built like this:

Quote:
<html>
<body>
<table border="1">
<?php
// Value taken straight from the query string, with no validation or escaping
$flag = $_GET['flag'];
mysql_connect("localhost","root","");
mysql_selectdb("graphe");
// User input is concatenated directly into the SQL text
$requette = "SELECT id,number,flag FROM static WHERE flag='".$flag."'";
$resultat = mysql_query($requette);
// Debug output: prints the final query string
echo $requette."<br/>";
while($row = mysql_fetch_row($resultat))
{
    echo "<tr><td border='1'>".$row[0]."</td>";
    echo "<td border='1'>".$row[1]."</td>";
    echo "<td border='1'>".$row[2]."</td></tr>";
}
mysql_close();
?>
</table>
</body>
</html>

You notice that it's a very unsecured page... The database is built like this:

Quote:
CREATE TABLE `static` (
  `id` int(11) NOT NULL auto_increment,
  `number` int(11) NOT NULL default '0',
  `flag` int(11) NOT NULL default '0',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=6 ;

INSERT INTO `static` VALUES (1, 32, 1);
INSERT INTO `static` VALUES (2, 27, 1);
INSERT INTO `static` VALUES (3, 30, 1);
INSERT INTO `static` VALUES (4, 36, 1);
INSERT INTO `static` VALUES (5, 666, 0);

CREATE TABLE `user` (
  `id` int(11) NOT NULL auto_increment,
  `login` varchar(255) NOT NULL default '',
  `pass` varchar(255) NOT NULL default '',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

INSERT INTO `user` VALUES (1, 'admin', 'monpassadmin');
INSERT INTO `user` VALUES (2, 'utilisateur_lambda', 'passlambda');

Ok, my goal was to find the passwords of the users... The only thing I could do is:

Quote:
http://localhost/hack/injection_msql.php?flag=1'+AND+'1'='0

Nothing really interesting, this row shows nothing, it's normal. Considering I don't know the names of the tables/columns, I don't know what to do now... All we know is that there is a column named "flag" at this moment. Could someone give me a hint plix?
:] (I read many docs about it, but well :/) |
||
24.09.2007 02:07:24 |
|
||
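A hardened version of the test page from the first post, added here as an example and not code from the thread: the `flag` parameter is validated as an integer and bound through a PDO prepared statement instead of being concatenated into the query, and cell values are HTML-escaped on output. It assumes the PDO MySQL driver is installed and reuses the connection values from the post; the function name `fetchRowsByFlag` is made up for this example.

```php
<?php
// Added example (not from the thread): hardened rewrite of the test page.
// Connection values (localhost, root, empty password, database "graphe")
// are the ones used in the first post. fetchRowsByFlag is a hypothetical name.
declare(strict_types=1);

function fetchRowsByFlag(PDO $pdo, string $rawFlag): array
{
    // `flag` is an int(11) column, so accept only an integer literal.
    // FILTER_VALIDATE_INT rejects input such as: 1' AND '1'='0
    $flag = filter_var($rawFlag, FILTER_VALIDATE_INT);
    if ($flag === false) {
        throw new InvalidArgumentException('flag must be an integer');
    }
    // The value is bound as a parameter; it never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, number, flag FROM static WHERE flag = :flag');
    $stmt->bindValue(':flag', $flag, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

$pdo = new PDO('mysql:host=localhost;dbname=graphe', 'root', '', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use server-side prepared statements
]);

// Only a plain string is accepted; flag[]=... arrays fall through to ''.
$rawFlag = is_string($_GET['flag'] ?? null) ? $_GET['flag'] : '';

try {
    $rows = fetchRowsByFlag($pdo, $rawFlag);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    exit('Bad request');
}
// The debug echo of the SQL string from the original page is dropped.
?>
<html><body><table border="1">
<?php foreach ($rows as $row): ?>
<tr>
<?php foreach ($row as $cell): ?>
<td><?= htmlspecialchars((string)$cell, ENT_QUOTES, 'UTF-8') ?></td>
<?php endforeach; ?>
</tr>
<?php endforeach; ?>
</table></body></html>
```

With this version the request shown in the post, `flag=1'+AND+'1'='0`, is answered with HTTP 400 before any query is sent to MySQL.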
unknown user |
Odd, I believe I covered most of this in http://www.bright-shadows.net/forum/forum_showtopic.php?topicid=2854 and tbs' webvuln doc is out there too. |
||
24.09.2007 02:19:03 |
|