Re-posted and Updated [Complete MySQL Injection]
#6
#0x05.c ~ Addressing Vulnerable Part

Now we need to use a UNION statement and find the column that we can replace in order to see the secret data on the page.

First, let's craft the UNION statement that won't error. It becomes:
PHP Code:
site.com/article.php?id=5+UNION+ALL+SELECT+null/* 
This would error because our query needs to have one more null there. Also, null does not cause any type conversion error, as it is just null.

So for our injection, it becomes:
PHP Code:
site.com/article.php?id=5+UNION+ALL+SELECT+null,null/* 

For this we do:
PHP Code:
site.com/article.php?id=5+UNION+ALL+SELECT+1,2/* 
Now we will see the number(s) on the page somewhere. I mean, either 1 or 2 or both 1 & 2 are seen on the page. Note that the number may be displayed anywhere, like in the title of the page or sometimes even in the hidden tags in the source. So, this means we can replace the number with our commands to display the private data the DB holds.

In my example, 1 is seen on the page. This means I should replace 1 with my things to proceed further. Got it? So let's move forward.


 
Quote: I don't know much about SQL, so I got confused. So please, can you explain this part?

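The step asked about above, as an added example that is not part of the original thread: it runs the three quoted inputs against a query built by string concatenation and against one that validates and binds the id. The `articles` table, its row and the function names are constructed for illustration, and Python's `sqlite3` stands in for MySQL (both require the two sides of a UNION to have the same number of columns).

```python
import sqlite3

def make_db():
    # Constructed sample data: a two-column table like the one behind article.php
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO articles VALUES (5, 'Hello')")
    return db

def fetch_vulnerable(db, raw_id):
    # The id parameter is pasted into the SQL text, so anything after "5"
    # is parsed as part of the statement.
    return db.execute(
        "SELECT id, title FROM articles WHERE id = " + raw_id).fetchall()

def fetch_hardened(db, raw_id):
    # Validate the type first (ValueError if not an integer), then pass the
    # value as a bound parameter so it can never become SQL syntax.
    article_id = int(raw_id)
    return db.execute(
        "SELECT id, title FROM articles WHERE id = ?", (article_id,)).fetchall()

def classify(db, fetch, raw_id):
    # Returns the rows, or a label saying why no rows came back.
    try:
        return fetch(db, raw_id)
    except sqlite3.OperationalError:
        return "sql-error"   # e.g. UNION sides with different column counts
    except ValueError:
        return "rejected"    # input was not a plain integer

if __name__ == "__main__":
    db = make_db()
    # The quoted inputs, URL-decoded ('+' is a space), trailing comment omitted
    inputs = ["5",
              "5 UNION ALL SELECT null",       # one column vs two: error
              "5 UNION ALL SELECT null,null",  # counts match: extra NULL row
              "5 UNION ALL SELECT 1,2"]        # marker row (1, 2) is returned
    for raw in inputs:
        print(repr(raw))
        print("  concatenated:", classify(db, fetch_vulnerable, raw))
        print("  bound param: ", classify(db, fetch_hardened, raw))
```

The row `(1, 2)` is why the numbers show up on the page: the application renders the injected row the same way it renders an article. With the bound parameter no such row can be produced.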

Messages In This Thread
RE: Re-posted and Updated [Complete MySQL Injection] - by thunder - 04-28-2019, 09:46 PM
