How to hack this error?

blackcobra · 02-19-2013, 10:45 AM

Hi,

When I check SQli with ' i get error for SQLi but when I order by 1-- there is no error

http://example/product_info.php?Path=25_35&products_id=31251'

The error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '31251' and pd.language_id = '1' and p.products_status=1' at line 1
select p.products_id, pd.products_name, pd.products_description, p.products_model, p.products_quantity, p.products_image, pd.products_url, p.products_price, p.products_tax_class_id, p.products_date_added, p.products_image_xl_6, p.products_date_available, p.manufacturers_id from products p, products_description pd where p.products_id = '31251\' and pd.products_id = '31251' and pd.language_id = '1' and p.products_status=1

How I can hack with that?

Techie · 02-19-2013, 11:45 AM

Follow this tutorial it might help you.
http://www.hackcommunity.com/Thread-Tuto...-Injection

blackcobra · 02-19-2013, 04:01 PM

(02-19-2013, 11:45 AM)τhε.τhinkεr Wrote: Follow this tutorial it might help you.
http://www.hackcommunity.com/Thread-Tuto...-Injection

I follow already but when i use order by 1-- it redirect to homepage.

Techie · 02-19-2013, 06:48 PM

(02-19-2013, 04:01 PM)blackcobra Wrote:
(02-19-2013, 11:45 AM)τhε.τhinkεr Wrote: Follow this tutorial it might help you.
http://www.hackcommunity.com/Thread-Tuto...-Injection

I follow already but when i use order by 1-- it redirect to homepage.

Did you try order by 2--;3--;4--...?

blackcobra · 02-20-2013, 02:56 AM

(02-19-2013, 06:48 PM)τhε.τhinkεr Wrote:
(02-19-2013, 04:01 PM)blackcobra Wrote:
(02-19-2013, 11:45 AM)τhε.τhinkεr Wrote: Follow this tutorial it might help you.
http://www.hackcommunity.com/Thread-Tuto...-Injection

I follow already but when i use order by 1-- it redirect to homepage.

Did you try order by 2--;3--;4--...?

I tried it already but still redirect to homepage. Do u know anthor method to bypass?

Thanks

Techie · 02-20-2013, 08:22 PM

Nope bro sorry, but you can always PM 1llusion, V1P3R, Wild Hacker etc. maybe they can help you.

1llusion · 02-21-2013, 03:10 PM

Hi,

there are multiple kinds of SQL injection. The guide explains just one, look up error based SQL injection. Also, there is a difference between injecting an integer value or a string and also there is a difference between ' and ".
I'm not a master of SQLi so these are my two cents.

1llusion · 02-21-2013, 03:10 PM

Hi,

there are multiple kinds of SQL injection. The guide explains just one, look up error based SQL injection. Also, there is a difference between injecting an integer value or a string and also there is a difference between ' and ".
I'm not a master of SQLi so these are my two cents.

blackcobra · 02-21-2013, 06:29 PM

(02-20-2013, 08:22 PM)τhε.τhinkεr Wrote: Nope bro sorry, but you can always PM 1llusion, V1P3R, Wild Hacker etc. maybe they can help you.

PM via skype or yahoo?

blackcobra · 02-21-2013, 06:29 PM

(02-20-2013, 08:22 PM)τhε.τhinkεr Wrote: Nope bro sorry, but you can always PM 1llusion, V1P3R, Wild Hacker etc. maybe they can help you.

PM via skype or yahoo?

How to hack this error?
Author Message