I managed to find a vulnerability in a so-called friend of mine's website, and I want to show him that his website is vulnerable to data extraction.
When I use something like yes')--
as POST input, I get the following debug info:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near
'%' ) or (r.nrinreg=1 and datainreg='01.01.2017' and r.adresant like '%yes'
at line 3
So basically my input is inside some brackets. Doing yes%')--
results in a slow-loading page that ends up completely blank. So that would result in something like this query:
or (r.nrinreg=1 and datainreg='01.01.2017' and r.adresant like '%yes%') -- whatever is after the comment
How can I get any data or MySQL version from that query knowing that the input isn't escaped?
Also, what is this kind of SQL injection called?
ASP.NET Version:2.0.50727.8762
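
An added example, not part of the original post and not the site's code: the concatenated LIKE clause this error message points to, next to a parameterized version with wildcard escaping and a handler that keeps database errors out of the response. Assumptions: SQLite stands in for MySQL so it runs offline, the table name `registru` and the trailing `ORDER BY ... LIMIT 1` are hypothetical, and the rows are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample rows; the table name "registru" is hypothetical,
    # the column names are the ones visible in the error message.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE registru (nrinreg INT, datainreg TEXT, adresant TEXT)")
    db.executemany("INSERT INTO registru VALUES (?, ?, ?)", [
        (1, "01.01.2017", "yes office"),
        (1, "01.01.2017", "yes archive"),
        (1, "01.01.2017", "100% yes"),
    ])
    return db

def search_concatenated(db, term):
    # Assumed shape of the vulnerable code: input pasted between '% and %'),
    # followed by a trailing clause (the ORDER BY / LIMIT is an assumption).
    sql = ("SELECT r.adresant FROM registru r WHERE (r.nrinreg=1 AND "
           "r.datainreg='01.01.2017' AND r.adresant LIKE '%" + term + "%') "
           "ORDER BY r.adresant LIMIT 1")
    return [row[0] for row in db.execute(sql)]

def escape_like(term):
    # Make %, _ and the escape character itself match literally.
    return term.replace("!", "!!").replace("%", "!%").replace("_", "!_")

def search_parameterized(db, term):
    # The value travels separately from the SQL text, so quotes, brackets
    # and comment markers in it are only ever compared as data.
    sql = ("SELECT r.adresant FROM registru r WHERE (r.nrinreg=1 AND "
           "r.datainreg='01.01.2017' AND r.adresant LIKE ? ESCAPE '!') "
           "ORDER BY r.adresant LIMIT 1")
    return [row[0] for row in db.execute(sql, ("%" + escape_like(term) + "%",))]

def handle_request(db, term, search=search_parameterized):
    # Database errors stay server-side; the client gets a generic message
    # instead of the query fragment shown in the debug output above.
    try:
        return {"ok": True, "rows": search(db, term)}
    except sqlite3.Error:
        return {"ok": False, "error": "Search failed."}
```

With the concatenated version, even a harmless name such as `O'Brien` produces a syntax error, which is the same defect the debug page exposes.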