SQL madness: Oh not again!
-
I think the link and the resulting page speak for themselves...
-
I just wonder why the page is named "butter.php".-
-
Yeesh... 'View Source'ing the page is even stranger:
</td></tr></table> ....
EDIT:
There doesn't appear to be a difference between http://www.scitech.gov.ph and http://www.scitech.gov.ph/butter.php
-
Ok, what are the column names? There are 8 in total and so far I've got:
?, entry_id, title, ?, posting_date, ?, ?, ?
The field holding the body is the one between the title and the posting_date but I don't know the name.
-
I've found them now:
item_id, entry_id, title, content, posting_date, start_date, end_date, contributor
The following URL was quite helpful: [url]http://www.scitech.gov.ph/butter.php?opt=3&n_sw=1&newsid=1446%20union%20select%201,%202,%20TABLE_NAME,%20COLUMN_NAME,%205,%206,%207,%208%20from%20INFORMATION_SCHEMA.COLUMNS%20LIMIT%20230,1[/url]
-
You'd think people would be smart enough to take sql injection into account when writing their code...Oh wait this is the human race I'm talking about, nevermind.
-
@galgorah said:
You'd think people would be smart enough to take sql injection into account when writing their code...Oh wait this is the human race I'm talking about, nevermind.
Hey, don't blame this shit on the whole human race, I don't write code like this.
-
Uh oh. There's only "item_id" left...
Where's Bobby Tables?
-
Database error: pconnect(61.14.197.36, usrprt, $Password) failed. MySQL Error: () Session halted.
Someone broke it? :P