Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Advanced sql injection, need help

  1. Home
  2. Forum
  3. Web hacking
  4. Advanced sql injection, need help

ghost's Avatar

ghost

0 0

The original query: "SELECT name,interest,profile FROM members WHERE id=$id"

UNION ALL SELECT null,email,null WHERE > 2 Gives me an email address.

What I am having problems with is finding out the NAME of the password column. I've been bruteforcing it for 2 days now, no luck yet. It's a mysql database, so the error messages gives me no help.

I really dont think there is any way of finding the name of the column, but if you know a way, please tell me.


Mr_Cheese's Avatar

Mr_Cheese

0 1

messing around with TABLE SCHEME and COLUMN should give you those details i think.


ghost's Avatar

ghost

0 0

"SQL Injection Walkthrough" <– this tutorial will help you out finding column_name or else.


ghost's Avatar

ghost

0 0

lol nice b0lu. thats the best tut ever


ghost's Avatar

ghost

0 0

Mr_Cheese wrote: messing around with TABLE SCHEME and COLUMN should give you those details i think. Can you give me some examples on how to inject those commands ?


ghost's Avatar

ghost

0 0

umm, b0lu, where is the Tut at ? lol