added 159 characters in body
Vendetta

I'm trying to test a challenge website using ModSecurity as a WAF. When I put ' in the user agent I got an error from MySQL.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''')' at line 1

Now I'm trying to exploit it with this header:

User-Agent: brick') order by 15 --+

The result is:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '')' at line 1

I found another input that is vulnerable to SQL injection too. I think maybe it's easier to be exploited ...

' order by 15 --+

I tried to inject like this example and it works. The result:

Unknown column '15' in 'order clause' etc..

But when I tried order by 2, I got this result:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order by 2 --  ', '', '', '', '5', 'Lbs', '', 'Mozilla/5.0')' at line 1

Any ideas on how to exploit?

added 9 characters in body
Vendetta

deleted 14 characters in body
Vendetta

added 525 characters in body
Vendetta
added 30 characters in body; edited tags; edited title
Anders
Vendetta