Ethical Hacking and Penetration Testing Guide
When we execute this command, we get an error indicating that column number 10 does not
exist. This tells us that the number of columns is less than 10. We would continue testing
this way:
http://localhost/index.php?support=yes' order by 9--+ (Error)
http://localhost/index.php?support=yes' order by 8--+ (Error)
http://localhost/index.php?support=yes' order by 7--+ (Error)
http://localhost/index.php?support=yes' order by 6--+ (No Error)
With order by 6 we get no error, which means our column count is 6. In a similar
manner, you can also use the "group by" keyword to determine the number of columns, in case the
order by keyword doesn't work or is blacklisted by the WAF.
Note: The reason we are using ' and --+ is that our injection type is string. We can figure
this out as follows: In a string-based SQL injection, no matter how much you increase the count,
you don't get any results printed on the screen, which means that you need to append a single
quote with every query.
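From the defender's side, the order by / group by sweep described above leaves a recognizable trail in web access logs: one client sending the same parameter with a quote, a changing column number and a trailing comment. The following is an added example, not code from the book, that flags that pattern; the log entries, IP addresses, threshold and function name are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log entries (client IP, request target); not from the book.
SAMPLE_LOG = [
    ("203.0.113.7", "/index.php?support=yes%27+order+by+10--+"),
    ("203.0.113.7", "/index.php?support=yes%27+order+by+9--+"),
    ("203.0.113.7", "/index.php?support=yes'%20ORDER%20BY%208--+"),
    ("203.0.113.7", "/index.php?support=yes%27+group+by+7--+"),
    ("203.0.113.7", "/index.php?support=yes%27+order+by+6--+"),
    ("198.51.100.4", "/index.php?support=yes"),
    ("198.51.100.4", "/search.php?q=sort+order+by+1+click"),  # benign text, no quote
]

# A quote (straight or typographic), ORDER/GROUP BY <number>, then a SQL comment marker.
PROBE = re.compile(r"['\u2019]\s*(?:order|group)\s+by\s+(\d+)\s*(?:--|#)", re.I)


def find_column_probes(entries, min_distinct=3):
    """Hypothetical helper: return {(ip, path): sorted column numbers} for clients
    that send at least min_distinct different ORDER BY / GROUP BY ordinals."""
    seen = defaultdict(set)
    for ip, target in entries:
        parts = urlsplit(target)
        # Decode %27, %20 and '+' first so encoded probes match the same pattern.
        query = unquote_plus(parts.query)
        for match in PROBE.finditer(query):
            seen[(ip, parts.path)].add(int(match.group(1)))
    # A single hit may be noise; a sweep across several ordinals is the signal.
    return {key: sorted(nums) for key, nums in seen.items() if len(nums) >= min_distinct}


if __name__ == "__main__":
    for (ip, path), ordinals in find_column_probes(SAMPLE_LOG).items():
        print(f"{ip} swept column numbers {ordinals} against {path}")
```

The lowest ordinal in a flagged sweep is usually the last request that returned no error, so it also tells the responder what column count the client learned.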