When testing a website for SQL Injection vulnerabilities, you need to find a page that looks like this:

Basically the site needs to have an = then a number or a string, but most commonly a number. Once you have found a page like this, we test for vulnerability by simply entering a ' after the number in the URL. If the database is vulnerable, the page will spit out a MySQL error such as

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/wwwprof/public_html/readnews.php on line 29

If the page loads as normal then the database is not vulnerable, and the website is not vulnerable to SQL Injection.

Now we need to find the number of union columns in the database. We do this by entering "order by 1--", "order by 2--" and so on until we receive a page error. If we receive another MySQL error here, then that means we have 4 columns. If the site errored on "order by 9" then we would have 8 columns. If this does not work, instead of - after the number, change it with /*, as they are two different prefixes and if one works the other tends not to.
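The probing sequence described above leaves a recognisable trail in web server logs: a quote appended to a numeric parameter, then "order by N" requests with a rising N from the same client. The following is an added example, not part of the original page, that flags both patterns; the log format ("client-ip request-url"), the sample lines and the `scan` function are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log lines ("client-ip request-url"); not taken from the page.
SAMPLE_LOG = """\
203.0.113.5 /readnews.php?id=12
203.0.113.5 /readnews.php?id=12%27
203.0.113.5 /readnews.php?id=12%20order%20by%201--
203.0.113.5 /readnews.php?id=12%20order%20by%202--
203.0.113.5 /readnews.php?id=12+order+by+3/*
203.0.113.5 /readnews.php?id=12+ORDER+BY+4--
198.51.100.7 /readnews.php?id=7
198.51.100.7 /search.php?q=o%27brien
"""

# A value that starts with a number and has a non-digit tail appended to it.
NUMERIC_WITH_TAIL = re.compile(r"^(\d+)(\D.*)$", re.S)
# The tail "order by N", optionally closed with either comment prefix (-- or /*).
ORDER_BY = re.compile(r"^\s*order\s+by\s+(\d+)\s*(?:--|/\*)?\s*$", re.I)

def scan(log_text, min_steps=3):
    """Return alerts as (client, path, param, kind, detail) tuples."""
    alerts = []
    steps = defaultdict(set)  # (client, path, param) -> ORDER BY indexes seen
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, url = line.split(None, 1)
        parts = urlsplit(url)
        for param, value in parse_qsl(parts.query):  # decodes %27, %20 and +
            m = NUMERIC_WITH_TAIL.match(value)
            if not m:
                continue  # plain number, or an ordinary string such as a name
            tail = m.group(2)
            if tail.strip() in ("'", '"'):
                alerts.append((client, parts.path, param, "quote-probe", value))
            ob = ORDER_BY.match(tail)
            if ob:
                steps[(client, parts.path, param)].add(int(ob.group(1)))
    # One "order by" request proves little; several distinct indexes is enumeration.
    for (client, path, param), seen in steps.items():
        if len(seen) >= min_steps:
            alerts.append((client, path, param, "order-by-enumeration", max(seen)))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The quoted name in the search parameter is not flagged because the rule only fires on a number with something appended, which keeps ordinary string input out of the alerts.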