Inject away... - GoFuckYourself.com

jwerd · 06-18-2004, 05:37 PM

I set up a small script on my site that looks for a GET type variable, and looks up a username. Now this is just a test script, your objective is to delete the user John. Can you do it?

Column name is username
Table name is exploit
Value inside we are wanting to delete John.
Variable name sql

Can you guys do it?

http://www.lamerhood.com/exploits/sq...p?sql=whatever

err sorry, it's "john" not "John". And I'll let you guys know if it works or not

arial · 06-18-2004, 05:41 PM

DELETE FROM `exploit` WHERE username=`John`

jwerd · 06-18-2004, 05:42 PM

Quote:

Originally posted by arial
DELETE FROM `exploit` WHERE username=`John`

Did not work.

jwerd · 06-18-2004, 05:46 PM

Ok now it will keep displaying "john" until it is deleted successfully. Let the injecting begin :P And I appreciate it guys, thanks...

arial · 06-18-2004, 05:51 PM

Quote:

Originally posted by lamerhooD
Did not work.

Try it in phpMyAdmin

make John=john

jwerd · 06-18-2004, 05:53 PM

Quote:

Originally posted by arial
Try it in phpMyAdmin make John=john

The point is, I want someone completely random to delete that entry so I can see if it truly is possible to do...without knowing much of anything and without having access to database/server tools

jwerd · 06-18-2004, 05:55 PM

PHP Code:


			
    $q = mysql_query("select * from exploit 



where username = '" .$_GET['sql'] . "'");

    if(!$q)

        die(mysql_error());

06-18-2004, 05:37 PM	#1
jwerd Confirmed User Industry Role: Join Date: Jun 2003 Location: Costa Rica Posts: 1,953	Inject away... I set up a small script on my site that looks for a GET type variable, and looks up a username. Now this is just a test script, your objective is to delete the user John. Can you do it? Column name is username Table name is exploit Value inside we are wanting to delete John. Variable name sql Can you guys do it? http://www.lamerhood.com/exploits/sq...p?sql=whatever err sorry, it's "john" not "John". And I'll let you guys know if it works or not __________________ Yii Framework Guru - Seasoned PHP vet - Partner @ XXXCoupon.com Last edited by jwerd; 06-18-2004 at 05:42 PM..

06-18-2004, 05:46 PM	#4
jwerd Confirmed User Industry Role: Join Date: Jun 2003 Location: Costa Rica Posts: 1,953	Ok now it will keep displaying "john" until it is deleted successfully. Let the injecting begin :P And I appreciate it guys, thanks... __________________ Yii Framework Guru - Seasoned PHP vet - Partner @ XXXCoupon.com

06-18-2004, 05:55 PM	#7
jwerd Confirmed User Industry Role: Join Date: Jun 2003 Location: Costa Rica Posts: 1,953	PHP Code: `$q = mysql_query("select * from exploit where username = '" .$_GET['sql'] . "'"); if(!$q) die(mysql_error());` __________________ Yii Framework Guru - Seasoned PHP vet - Partner @ XXXCoupon.com

06-18-2004, 05:41 PM	#2
arial Confirmed User Join Date: Jul 2002 Location: Bay Area Posts: 4,012	DELETE FROM `exploit` WHERE username=`John`