deleted 52 characters in body; edited title
Anders

Dumping custom query via SQL injection when output is in the die() function?

On my localhost I have a PHP link like this

abc.com/index.php?q=XYZ

where XYZ is a base64-encoded parameter that I have verified is injectable. When I try abc.com/index.php?q=XYZ' it returns

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for

So probably the query is

`select * from TableName where q={QUERYPRAM} or die(mysql_error());`

How can I write my custom query here or get information since the output is actually in the die() function?

I normally use SQLMap for this function, but that is behaving very slowly and closes the request immediately.

added 67 characters in body
Johnny

There is a PHP link like this

abc.com/index.php?q=XYZ

XYZ is a base64-encoded parameter that I have verified is injectable. When I try abc.com/index.php?q=XYZ' it returns: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for

So probably the query is

`select * from TableName where q={QUERYPRAM} or die(mysql_error());`

How can I write my custom query here or get information, since the output is actually in the die() function?

I normally use sqlmap for this function, but that is behaving very slowly and closes the request immediately.

Any hint?

EDIT: I am using this on my localhost, not on a live website

Johnny

Dumping custom query via SQL injection

There is a PHP link like this

abc.com/index.php?q=XYZ

XYZ is a base64-encoded parameter that I have verified is injectable. When I try abc.com/index.php?q=XYZ' it returns: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for

So probably the query is

`select * from TableName where q={QUERYPRAM} or die(mysql_error());`

How can I write my custom query here or get information, since the output is actually in the die() function?

I normally use sqlmap for this function, but that is behaving very slowly and closes the request immediately.

Any hint?