
Tiny sql-injection problem.


ghost

Hey. Yes, a little UNION-based SQL injection problem.

xxx.php?id=1 order by 1/* Brings back the actual website.

xxx.php?id=1 order by 2/* Gives an error: Unknown column '2' in 'order clause'.

So we have only 1 column.

The problem is, when I try xxx.php?id=1 union all select 1/* it gives an error: The used SELECT statements have a different number of columns.

0_o.. ideas?


AldarHawk
The Manager

Try other options. Try select. Keep testing it until you get the results you want. Be creative.


ghost

Select won't make a difference.

Basically, what is happening is that there are at least two different select statements that the site is pulling from xxx.php?id=1.

So one statement may be selecting from a table that has only 1 column, but the statement that you are looking for (and where the data is being written out) is selecting from a different table with more than 1 column. Just to be sure, try UNION ALL SELECT 1111111/* and then do a Ctrl+F in the source code for 1111111. If it shows up then you're golden.

Most likely, though, it won't show up and you'll have to figure out how many columns are in the other table that it is selecting from. Try doing ORDER BY 100/*... Do you get the same error? Does the error show up where the content is, but the rest of the page loads normally? Or is it a white screen with the error message? If it's a white screen then most likely you won't be able to exploit it.
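
The situation described in the last reply, reproduced as an added example that is not part of the original thread: one request parameter concatenated into two SELECT statements with different column counts, next to the version that validates the id and binds it as a parameter. SQLite stands in for the site's MySQL (the error wording differs), and the table and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample schema: a 1-column lookup and a 3-column lookup.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE page_titles (id INTEGER, title TEXT);
        CREATE TABLE articles (id INTEGER, author TEXT, body TEXT);
        INSERT INTO page_titles VALUES (1, 'News');
        INSERT INTO articles VALUES (1, 'admin', 'Hello');
    """)
    return db

def render_vulnerable(db, raw_id):
    # The same request parameter is concatenated into both statements,
    # so each one parses the injected text against its own column count.
    queries = (
        "SELECT title FROM page_titles WHERE id = " + raw_id,          # 1 column
        "SELECT id, author, body FROM articles WHERE id = " + raw_id,  # 3 columns
    )
    results = []
    for q in queries:
        try:
            results.append(("ok", db.execute(q).fetchall()))
        except sqlite3.Error as exc:
            # Echoing this message to the client is what produced the
            # errors quoted in the thread.
            results.append(("error", str(exc)))
    return results

def render_fixed(db, raw_id):
    # Reject anything that is not an integer, then bind it as a parameter:
    # the value can no longer change the shape of either statement.
    try:
        page_id = int(raw_id)
    except ValueError:
        return None  # caller answers with a generic 400/404, no SQL error text
    title = db.execute(
        "SELECT title FROM page_titles WHERE id = ?", (page_id,)).fetchall()
    article = db.execute(
        "SELECT id, author, body FROM articles WHERE id = ?", (page_id,)).fetchall()
    return title, article

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 ORDER BY 2", "1 UNION ALL SELECT 1"):
        print(value, "->", [s for s, _ in render_vulnerable(db, value)],
              "| fixed:", render_fixed(db, value))
```

With the concatenated version, the ORDER BY input fails in the 1-column statement while the UNION input fails in the 3-column one, which is why the two errors in the first post appear to contradict each other.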