think about it, what did UNION ALL SELECT return? Why sis you use UNION ALL SELECT 1,2–? oh and the column names are username, admin, and password just to let you know.
9 years ago
9 years ago
Just try to pick it directly from the password column
You can add a condition to the end that you just get the password of the user with the name of the admin so it should be pretty easy when you are already into it
one way to do it is to find the admins, the admin’s username, and password separately, or the second way is to use a WHERE statement to get the admin’s username, then the password. A note here should be that one tries to find them one at a time, and from the same vulnerability. I think I’ve already said too much
Easy anyway.. You just have to get into it after doing that it’s pretty easy.
You should always start with generating an error to see what the SQL part looks like.. Then you can easily inject it and find first the admin then the password..
9 years ago | edited 9 years ago
Don’t think this will be any problem.. when you got the password then there are many ways to find its real value.
But I wouldn’t call it ‘encrypted’ still sounds like you could decrypt it and that’s not really possible.