PHP sql injection

No explicit questions like "how do I hack xxx.com" please!
Post Reply
User avatar
shan75
On the way to fame!
On the way to fame!
Posts: 32
Joined: 03 Dec 2009, 17:00
14
Location: india
Contact:
Contact shan75

PHP sql injection

Post by shan75 »

during penetrating a website , i have seen
Parse error in query SELECT RJ_INFO_INTRODUCTION, RJ_INFO_ZODIAC,

RJ_INFO_PERSONALITY_TYPE, RJ_INFO_STYLE, RJ_INFO_FAV_FOOD, RJ_INFO_FAV_MOMENTS,

RJ_INFO_LOVE, RJ_INFO_HATE, RJ_INFO_FASHION, RJ_INFO_PASSION, RJ_INFO_SPORTS,

RJ_INFO_BOOKS, RJ_INFO_SONGS, RJ_INFO_ACTOR,

RJ_INFO_MOVIES,RJ_INFO_CURRENT_MOVIE,RJ_INFO_CURRENT_BOOK,

RJ_INFO_CURRENT_SONG,RJ_INFO_QUOTE FROM RJ_INFO WHERE USER_INFO_ID = SELECT USER_INFO_ID

FROM USER_INFO
Connection is Resource id #5
i get the table name and coloum names but i cant fetch the password coloum from the table name...

please any one tell me what is the problem is it really vurnerable for sql injection..

please help.. thanX
Top
User avatar
bad_brain
Site Owner
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
19
Location: In your eye floaters.
Contact:
Contact bad_brain

Re: PHP sql injection

Post by bad_brain »

there is an error in the query itself (that's why it returns a "Resource ID #5"), so it's impossible to tell if a vulnerability really exists until the error in the query is fixed... :wink:
Image
Top
Post Reply

Return to “Hacking/Wardriving”