Princeton Blind SQL Injection

Posted on 18:01 by Xianur0

I reported the bug to the admin, and I promised him I would not disclose it until it had been fixed:

(put this search into Google:
and you will see which CMS it was using, hehe)


Good evening, my nickname is Xianur0. I am writing to report security flaws in your system, to begin with a Blind SQL Injection (unauthorized queries against your SQL system (MySQL)), for example:
,1,1))=109,2,1))=114,3,1))=98,4,1))=115,5,1))=64,6,1))=108,7,1))=111,8,1))=99,9,1))=97,10,1))=108,11,1))=104,12,1))=111,13,1))=115,14,1))=116

When the SQL condition is incorrect, the rooms table comes back empty or with a single element; when these queries are correct, the table shows all the rooms.

Ordering the results as ASCII values:

and translating them into a readable string, we get:

Which is the MySQL user used by the system. Now we make another query to identify which tables that user is allowed to see in MySQL: AND (SELECT count(*) FROM INFORMATION_SCHEMA.TABLES)
There is a database INFORMATION_SCHEMA with a table TABLES; this database contains information about MySQL (for example: tables, columns, etc.). Now we find out how many databases there are in MySQL: AND (SELECT count(TABLE_SCHEMA) FROM INFORMATION_SCHEMA.TABLES) = 20

This means that there are 20 databases recorded in INFORMATION_SCHEMA, and if we continue from the first step (with which we obtained the user) we can obtain the structure of the system, obtain users and carry out an attack on the system.

Nick: Xianur0

Sorry For My Bad English
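The mechanism the report describes (a numeric request parameter pasted into the WHERE clause, so that a true condition returns the full room listing and a false one returns nothing) can be reproduced and fixed in a few lines. The following is an added example, not code from the post or from the affected system; it uses an in-memory SQLite table named `rooms` and a handler named `rooms_vulnerable`, both constructed here, beside a hardened `rooms_fixed` that enforces an integer type and binds the value as a parameter.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the booking system's rooms table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE rooms (id INTEGER PRIMARY KEY, area_id INTEGER, name TEXT)")
    conn.executemany(
        "INSERT INTO rooms (area_id, name) VALUES (?, ?)",
        [(1, "Room A"), (1, "Room B"), (1, "Room C"), (2, "Room D")],
    )
    return conn


def rooms_vulnerable(conn, area_id):
    """The request parameter is pasted straight into the statement.

    Anything appended after the number becomes part of the WHERE clause, so the
    listing turns into a true/false oracle for whatever condition is appended.
    """
    sql = f"SELECT name FROM rooms WHERE area_id = {area_id} ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def rooms_fixed(conn, area_id):
    """Type enforcement plus parameter binding: the value can only ever be an integer."""
    try:
        area = int(area_id)
    except (TypeError, ValueError):
        return []  # a real handler would answer HTTP 400 here
    sql = "SELECT name FROM rooms WHERE area_id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (area,))]


# Two constructed inputs in the shape the post describes: a numeric id followed
# by a condition. The first condition is true, the second is false.
TRUE_PROBE = "1 AND (SELECT count(*) FROM rooms) = 4"
FALSE_PROBE = "1 AND (SELECT count(*) FROM rooms) = 5"


def demo():
    conn = make_db()
    return {
        "vulnerable_normal": rooms_vulnerable(conn, "1"),
        "vulnerable_true": rooms_vulnerable(conn, TRUE_PROBE),    # full listing
        "vulnerable_false": rooms_vulnerable(conn, FALSE_PROBE),  # empty listing
        "fixed_normal": rooms_fixed(conn, "1"),
        "fixed_true": rooms_fixed(conn, TRUE_PROBE),              # rejected, no oracle
        "fixed_false": rooms_fixed(conn, FALSE_PROBE),
    }


if __name__ == "__main__":
    for name, rooms in demo().items():
        print(f"{name:18} -> {rooms}")
```

With the vulnerable handler the two probes produce visibly different pages (three rooms versus none), which is exactly the signal a blind injection reads one character at a time. With the fixed handler both probes fail integer conversion and there is no difference left to observe; the binding alone would already stop the injection, the type check in front of it also gives the application a clean place to log and reject the malformed value.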

well, the message serves as an example of manual Blind SQL Injection xD...

hehe, even the big ones have their bad moments...
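From the defender's side, a manual probe series like the one in the report leaves a very recognisable trail in the web server's access log: one request per character position, each carrying a `,<position>,1))=<value>` tail, with the response size flipping between the full listing and the empty one. The following is an added example, not code from the post or from the affected site. It parses constructed Apache combined-style log lines, flags the injection indicators, and uses the response size to reconstruct what the successful probes disclosed. The fourteen ASCII values are the ones the post lists; the client addresses, timestamps, the 5120/812-byte response sizes, the two missed probes and the `ASCII(SUBSTRING(USER(),...))` wrapper around the probe tail are all assumptions made to build the sample.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed probe series (not real traffic). Each tuple is (position, ASCII value
# tried, response size in bytes). The 5120-byte entries use the values the post
# lists; the two 812-byte entries are constructed misses. Both sizes are assumptions.
PROBES = [
    (1, 108, 812), (1, 109, 5120), (2, 114, 5120), (3, 98, 5120), (4, 115, 5120),
    (5, 64, 5120), (6, 108, 5120), (7, 111, 5120), (8, 99, 5120), (9, 97, 5120),
    (10, 108, 5120), (11, 104, 5120), (12, 111, 5120), (13, 115, 5120),
    (14, 116, 5120), (15, 65, 812),
]

# Apache combined-style lines. The ",<pos>,1))=<value>" tail is the shape shown in
# the post; wrapping it in ASCII(SUBSTRING(USER(),...)) is an assumption.
_PROBE_LINE = ('203.0.113.5 - - [10/Oct/2009:18:01:{sec:02d} +0000] '
               '"GET /rooms.php?area=1+AND+ASCII(SUBSTRING(USER(),{pos},1))={val} HTTP/1.1" 200 {size}')
SAMPLE_LOG = "\n".join(
    ['198.51.100.7 - - [10/Oct/2009:18:00:59 +0000] "GET /rooms.php?area=1 HTTP/1.1" 200 5120']
    + [_PROBE_LINE.format(sec=i, pos=p, val=v, size=s) for i, (p, v, s) in enumerate(PROBES)]
    + ['203.0.113.5 - - [10/Oct/2009:18:01:30 +0000] '
       '"GET /rooms.php?area=1+AND+(SELECT+count(*)+FROM+INFORMATION_SCHEMA.TABLES)=20 HTTP/1.1" 200 5120']
)

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
# The per-character probe tail: ",<position>,1))=<ascii value>".
PROBE_RE = re.compile(r',\s*(\d+)\s*,\s*1\s*\)\)\s*=\s*(\d+)')
INDICATORS = {
    "information_schema": re.compile(r'information_schema', re.I),
    "char_probe": PROBE_RE,
    "boolean_tail": re.compile(r'\b(?:and|or)\b\s*\(?\s*(?:select|ascii|substring|substr)\b', re.I),
}


def parse_line(line):
    """Split one access-log line into client, path, decoded query, status and size."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    size = m.group("size")
    return {"client": m.group("client"), "path": path, "query": unquote_plus(query),
            "status": int(m.group("status")), "size": 0 if size == "-" else int(size)}


def indicators(query):
    """Names of the injection indicators present in a decoded query string."""
    return {name for name, rx in INDICATORS.items() if rx.search(query)}


def analyze(log_text):
    """Return (alerts, recovered): the flagged requests, and per (client, path)
    the string the character probes disclosed, judged by response size."""
    alerts = []
    probes = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = indicators(rec["query"])
        if not hits:
            continue
        alerts.append((rec["client"], rec["path"], sorted(hits)))
        for pos, val in PROBE_RE.findall(rec["query"]):
            probes[(rec["client"], rec["path"])].append((int(pos), int(val), rec["size"]))
    recovered = {}
    for key, series in probes.items():
        # A true condition returns the full listing, i.e. the largest response seen;
        # a false one returns the (near) empty listing.
        full = max(size for _, _, size in series)
        chars = {pos: chr(val) for pos, val, size in series if size == full}
        recovered[key] = "".join(chars[p] for p in sorted(chars))
    return alerts, recovered


if __name__ == "__main__":
    alerts, recovered = analyze(SAMPLE_LOG)
    for client, path, hits in alerts:
        print(f"{client} {path} {','.join(hits)}")
    print(recovered)
```

The size heuristic is the same oracle the attacker used, read backwards: whichever probe for a position returned the full page is the one whose guess was right, so the log itself records what was extracted, which is useful when scoping the incident. The `information_schema` indicator catches the second stage of the report as well. One caveat for anyone interpreting that stage: `count(TABLE_SCHEMA)` over `INFORMATION_SCHEMA.TABLES` counts one row per table, not per schema, so the number it returns is a table count unless `DISTINCT` is used.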
