09-04-2008, 04:25 PM
Ok I've attempted at SQL injecting a site but I keep getting a MySQL error. What I've tried to do was add ' or 1=1-- to the url and see what happens. This is the error I get:
The url I entered into the address bar is (site hidden):
I remember I've tried doing something like adding ORDER BY 1*/ to the url and it get the number of columns, but I forgot the actual code. I also remember when I did the whole "order by" attempt I get a bunch of MySQL errors with numbers like 583, 584, ... (they might not be the correct number, I forgot). So yeah can someone help me SQL inject?
Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' or 1=1--' at line 1The url I entered into the address bar is (site hidden):
Code:
http://www._____.com/____gallery.php?action=display&id='%20or%201=1--I remember I've tried doing something like adding ORDER BY 1*/ to the url and it get the number of columns, but I forgot the actual code. I also remember when I did the whole "order by" attempt I get a bunch of MySQL errors with numbers like 583, 584, ... (they might not be the correct number, I forgot). So yeah can someone help me SQL inject?