Hi
I'm trying to work out if it is possible to use this injection to extract
data:

select a,b,c from tab order by x limit <injection>

Normally with a limit I'd do a union, but you can't do a union if there is
an order by unless the first query is wrapped in brackets:

(select a,b,c from tab order by x limit 1) union select blah

would work but without the brackets it fails.

I tried a subselect to generate the number that goes in the limit:

select a,b,c from tab order by x limit (select 2)

but that doesn't work either.

An "into outfile" works, but unfortunately I can't find anywhere in the web
root to write the data to, and there is no LFI to read the data out of other
directories.

Can anyone suggest anything else that I can try?

Robin
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
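
The application-side fix for the injection point discussed in the message above, as an added example that is not part of the original post: the limit is parsed as a bounded integer and then bound as a parameter instead of being concatenated into the query. It assumes Python with an in-memory SQLite table standing in for the MySQL database; `parse_limit`, `fetch_rows`, `MAX_LIMIT` and the sample inputs are hypothetical names and constructed values.

```python
import sqlite3

MAX_LIMIT = 100  # assumed upper bound on page size


def parse_limit(raw, max_limit=MAX_LIMIT):
    """Return raw as a bounded int, or raise ValueError."""
    text = str(raw).strip()
    # ASCII digits only: no sign, brackets, whitespace, keywords or terminators.
    if not (text.isascii() and text.isdigit()) or len(text) > 6:
        raise ValueError("limit must be a plain non-negative integer")
    value = int(text)
    if not 1 <= value <= max_limit:
        raise ValueError("limit out of range")
    return value


def fetch_rows(conn, raw_limit):
    # Validate first, then bind; the value never becomes part of the SQL text.
    limit = parse_limit(raw_limit)
    cur = conn.execute("select a, b, c from tab order by x limit ?", (limit,))
    return cur.fetchall()


def make_db():
    # Constructed sample table with the column names used in the post.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tab (a, b, c, x)")
    conn.executemany("insert into tab values (?, ?, ?, ?)",
                     [(i, i * 2, i * 3, 10 - i) for i in range(5)])
    return conn


# Constructed inputs modelled on the attempts described in the post.
REJECTED = ["(select 2)", "1 union select blah",
            "1 into outfile 'placeholder'", "-1", "1;", "101"]


def rejected_count(conn):
    count = 0
    for raw in REJECTED:
        try:
            fetch_rows(conn, raw)
        except ValueError:
            count += 1
    return count


if __name__ == "__main__":
    db = make_db()
    print(fetch_rows(db, "2"))
    print(rejected_count(db), "of", len(REJECTED), "inputs rejected")
```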
