GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Inject away... (https://gfy.com/showthread.php?t=314669)

jwerd 06-18-2004 05:37 PM
Inject away...
 
I set up a small script on my site that looks for a GET type variable, and looks up a username. Now this is just a test script, your objective is to delete the user John. Can you do it?

Column name is username
Table name is exploit
Value inside we are wanting to delete John.
Variable name sql :)
Can you guys do it?

http://www.lamerhood.com/exploits/sq...p?sql=whatever

err sorry, it's "john" not "John". And I'll let you guys know if it works or not :)

arial 06-18-2004 05:41 PM
DELETE FROM `exploit` WHERE username=`John`

jwerd 06-18-2004 05:42 PM
Quote:
Originally posted by arial
DELETE FROM `exploit` WHERE username=`John`
Did not work.

jwerd 06-18-2004 05:46 PM
Ok now it will keep displaying "john" until it is deleted successfully. Let the injecting begin :P And I appreciate it guys, thanks...

arial 06-18-2004 05:51 PM
Quote:
Originally posted by lamerhooD
Did not work.
Try it in phpMyAdmin :Graucho make John=john

jwerd 06-18-2004 05:53 PM
Quote:
Originally posted by arial
Try it in phpMyAdmin :Graucho make John=john
The point is, I want someone completely random to delete that entry so I can see if it truly is possible to do...without knowing much of anything and without having access to database/server tools :)

jwerd 06-18-2004 05:55 PM
PHP Code:
    $q mysql_query("select * from exploit 

where username = '" .$_GET['sql'] . "'");
    if(!$q)
        die(mysql_error()); 


All times are GMT -7. The time now is 06:02 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123