![]() ![]() I didn't see any paper covering this problem, so i must write it . If you get an error "union + illegal mix of collations (IMPLICIT + COERCIBLE). We replace the number 2 with or version() and get someting like 4.1.33-log or 5.0.45 or similar. Let say that we have number 2 on the screen, now to check for version It's a comment and it's important for our query to work properly. union all select 1,2,3/* NOTE: if /* not working or you get some error, then try. If we see some numbers on screen, i.e 1 or 2 or 3 then the UNION works . union all select 1,2,3/* (we already found that number of columns are 3 in section 2). With union we can select more data in one sql statement. ![]() That means that the it has 3 columns, cause we got an error on 4. order by 4/* <- error (we get message like this Unknown column '4' in 'order clause' or something like that) To find number of columns we use statement ORDER BY (tells database how to order the result) so how to use it? Well just incrementing the number until we get an error. Or something similar that means the Site is vulnerable to SQL injection. "You have an error in your SQL syntax check the manual that corresponds to your MySQL server version for the right etc." ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |