I have jos_users as the name of my table, it gives me this error,
however I think KHG is not sql (as it seems it stands for Kosovo
Hackers Group) so I guess the sql needs to be modified some way, I
tried removing the KHG but still error.
I think my forcing to integer will stop anything like this,
SQL query:
SELECT *
FROM 1 , 2, concat( username, char( 58 ) ,
PASSWORD ) KHG, 4, 5, 6, 7, 8, 9, 10
FROM jos_users
LIMIT 0 , 30
MySQL said: Documentation
#1064 - You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10 from
jos_users
LIMIT 0' at line 1
On Oct 11, 3:03 pm, Aaron Fulton <[EMAIL PROTECTED]> wrote:
> try replacing
>
> "jos_users" with the name of your users table an see what happens...
>
> matt_thomson wrote:
> > I done:
> > $gallery = JRequest::getString('gallery', '');
> > echo $gallery;
> > exit;
>
> > which gave me:
> > -1 union select 1,2,concat(username,char(58),password)KHG,
> > 4,5,6,7,8,9,10 from jos_users--
>
> > which I guess combines with:
> > $query = "SELECT * FROM #__ignitegallery WHERE id = $gallery";
>
> > gives me:
> > SELECT * FROM #__ignitegallery WHERE id = -1 union select
> > 1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10 from
> > jos_users--
>
> > which gives me:
> > #1064 - You have an error in your SQL syntax; check the manual....
>
> > I have done a temp fix for now where I replace:
> > $gallery = JRequest::getString('gallery', '');
> > with
> > $gallery = JRequest::getInt('gallery', '');
> > Which I should have done in the first place!, this forces an integer
> > to $gallery.
>
> > I would still like to understand what this hacker is doing,
>
> > Thanks,
>
> > Matt.
>
> > On Oct 11, 1:33 pm, Berend de Boer <[EMAIL PROTECTED]> wrote:
>
> >>>>>>> "matt" == matt thomson <[EMAIL PROTECTED]> writes:
>
> >> matt> JRequest::getString('gallery', '');
>
> >> Can you tell us the value of $gallery after this request with the
> >> hacker's SQL?
>
> >> matt> It seems the hacker thinks he has found a way around it.
>
> >> Might be on an old version of Joomla.
>
> >> --
> >> Cheers,
>
> >> Berend de Boer
>
> > ------------------------------------------------------------------------
>
> > No virus found in this incoming message.
> > Checked by AVG -http://www.avg.com
> > Version: 8.0.169 / Virus Database: 270.8.0/1717 - Release Date: 10/9/2008
> > 4:56 PM
--~--~---------~--~----~------------~-------~--~----~
NZ PHP Users Group: http://groups.google.com/group/nzphpug
To post, send email to [email protected]
To unsubscribe, send email to
[EMAIL PROTECTED]
-~----------~----~----~----~------~----~------~--~---
