Blind SQL Injection

Check error: http://testphp.vulnweb.com/artists.php?artist=1′

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /hj/var/www/artists.php on line 62

1. Select Table Name and Column Name

Result: artists | artist_id

2. Select other Table (Skipping Artists table)

Result: carts | cart_id

Skipping table ‘artists’,’carts’, ‘categ’, ‘featured’, ‘guestbook’, ‘pictures’, ‘products’

Result: users | uname

3. Display other column in table “users”

Result: users | pass

There are 2 columns in the table “users” as below:
“users | uname”
“users | pass”

4. Show uname & pass value from table “users”

Final result: test | test

User: test | Password: test

artists - Mozilla Firefox 2016-12-04 17.05.16

 

Leave a Comment

Your email address will not be published. Required fields are marked *