2/19/2023 0 Comments Youtube burp suiteThis would UNION the two columns username/password with the first and third columns returned by the SQL query being injection-attacked. ' UNION SELECT username, NULL, password, NULL, NULL from users. If the query returns columns of type string, number, string, string, number, then we could use this value for the category variable: Then we need to craft a query that will result in two columns of text (one column is usernames, other column is passwords) and UNION that with the 5 columns the injection-vulnerable query returns. ![]() Further suppose that we are after usernames and passwords, and we know we can find them in the "users" table. For example, suppose the injection-vulnerable query returns 5 columns, 3 of them are text. Next, find columns with useful data types by modifying the SELECT query above to include a string type instead of a NULL type: ' UNION SELECT 'a',NULL,NULL,NULL. You'll probably need to run this one a few times, with different numbers of NULL or column numbers, to figure out how many columns are returned by the vulnerable parameter. Start by finding the number of columns, by using ' UNION SELECT NULL, NULL- or ' ORDER BY 1-' ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |