127
vote
Next week I'm going to do some more research on SQL injection. I have a pretty complete sheet for MySQL but I thought about more ways of information gathering. One of them is pretty slick if I may say myself. Usually when you do a UNION SELECT injection you need to guess how may columns there are in a table. This can take plenty of time and many times it is not sure you got a proper result. This next vector outputs the exact amount of columns in a secondary table. it only works if the PHP script echoes back errors, which probably is standard practice by programmers. That's why error/file disclosure can help us.
Bookmark/Search this post with:
Trackback URL for this post:
http://www.secgeeks.com/trackback/569
