SQL Injection 2

Let’s continue understanding SQL injections. This time we are going to focus on understanding how to exploit more complicated SQL injections manually.


Error/Doble Query

To understand Error-based SQLi, we need to start doing lesson 5 and 6 of the sqlilab.

In this case, we can count columns user order by, but we can’t identify any vulnerable parameters to display information.

So, to extract information, we can use a Firefox add-on named hackbar.



Example 1

If we want to display the version, we select this option and copy it into our payload.' +OR+1+GROUP+BY+CONCAT_WS(0x3a,VERSION(),FLOOR(RAND(0)*2))+HAVING+MIN(0)+OR+1 --+


Example 2

Or the database name (Or any other thing that we want):

To extract the database, we need to select the option in hackbar.


This entry was posted in Hacking Web and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *