Comments on: Injection in Order by, Group by Clause http://www.notsosecure.com/folder2/2008/08/01/injection-in-order-by-clause/ From Pentesters To Pentesters Thu, 08 Jul 2010 02:17:27 +0100 http://wordpress.org/?v=2.8.4 hourly 1 By: GDSG http://www.notsosecure.com/folder2/2008/08/01/injection-in-order-by-clause/comment-page-1/#comment-97786 GDSG Thu, 08 Jul 2010 02:17:27 +0000 http://www.notsosecure.com/folder2/2008/08/01/injection-in-order-by-clause/#comment-97786 THANKS MAN!!! I try to figure this out about 2 days, cuz IF(1=1,1,1) not worked, but this ROCKS. Thanks Again! THANKS MAN!!!
I try to figure this out about 2 days, cuz IF(1=1,1,1) not worked, but this ROCKS.

Thanks Again!

]]> By: Lord http://www.notsosecure.com/folder2/2008/08/01/injection-in-order-by-clause/comment-page-1/#comment-84235 Lord Tue, 21 Apr 2009 14:34:57 +0000 http://www.notsosecure.com/folder2/2008/08/01/injection-in-order-by-clause/#comment-84235 of course -.-' Thank you. of course -.-’
Thank you.

]]> By: sid http://www.notsosecure.com/folder2/2008/08/01/injection-in-order-by-clause/comment-page-1/#comment-83968 sid Fri, 17 Apr 2009 15:00:13 +0000 http://www.notsosecure.com/folder2/2008/08/01/injection-in-order-by-clause/#comment-83968 This is how, you can convert this into standard true and false responses. Think of that error as a 'false' response which you get when doing boolean injection; e.g. id=100 and 1=1; id=100 and 1=2; ---- This is how, you can convert this into standard true and false responses. Think of that error as a ‘false’ response which you get when doing boolean injection;

e.g. id=100 and 1=1; id=100 and 1=2;

—-

]]> By: Lord http://www.notsosecure.com/folder2/2008/08/01/injection-in-order-by-clause/comment-page-1/#comment-83901 Lord Thu, 16 Apr 2009 22:07:52 +0000 http://www.notsosecure.com/folder2/2008/08/01/injection-in-order-by-clause/#comment-83901 Server Version: 5.1.30 I meant especially the "order by"-case. What happens is exactly the shown reaction. What does that error tell me (regarding the injection)? Server Version: 5.1.30
I meant especially the “order by”-case.
What happens is exactly the shown reaction. What does that error tell me (regarding the injection)?

]]> By: sid http://www.notsosecure.com/folder2/2008/08/01/injection-in-order-by-clause/comment-page-1/#comment-83838 sid Thu, 16 Apr 2009 08:32:31 +0000 http://www.notsosecure.com/folder2/2008/08/01/injection-in-order-by-clause/#comment-83838 what version of the mysql are you trying this? I think this doesnot work in some of the recent versions what version of the mysql are you trying this?

I think this doesnot work in some of the recent versions

]]> By: Lord http://www.notsosecure.com/folder2/2008/08/01/injection-in-order-by-clause/comment-page-1/#comment-83793 Lord Wed, 15 Apr 2009 20:59:33 +0000 http://www.notsosecure.com/folder2/2008/08/01/injection-in-order-by-clause/#comment-83793 Great. Thats exactly what I was searching for. Not so great: I do not understand what the example should do... Great. Thats exactly what I was searching for.
Not so great: I do not understand what the example should do…

]]>