Exploiting SQLi without any SQL error in output
Hi hackers,
I will be showing you how to exploit SQLi when there are no SQL errors in the output (tricky but simplified).
Let’s get started.
Let’s assume our target is https://target.com
visiting the target page
Then let’s confirm the SQLi vulnerability by adding a single quote to the parameter value.
As you can see, we get no SQL error when I add a single quote, but notice the contents on the page are missing (compare the page before and after adding the single quote).
This shows SQLi is possible.
So, let’s balance the URL by appending a comment (URL balancer) to the parameter value.
As you can see, we have the normal page load after adding the comment --+- after the parameter value.
Let’s proceed by counting the number of columns the query returns, using the order by query.
order by 1 loads the normal page.
So, keep increasing the number till you get the page with removed contents.
order by 19 gave the page with removed contents, which means there are 18 columns in the query.
let’s proceed to getting the vulnerable column
https://target.com/page.php?pe=-36' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--+-
Column 9 is the vulnerable column where we can inject our queries for dumping the database.
Let’s get the version of the SQL database using the query @@version
https://target.com/page.php?pe=-36' union select 1,2,3,4,5,6,7,8,@@version,10,11,12,13,14,15,16,17,18--+-
I will be stopping here since the vulnerability and its exploitation have been confirmed.
Check the previous post for how to perform the full exploitation step by step.
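Why the quote, comment and order by probes above change the page even though no error is shown, and what a parameterized query does with the same input, as an added example that is not from the original post. It assumes an in-memory SQLite table standing in for the target's database; the table, the 2-column query and the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id TEXT, title TEXT, body TEXT)")
    db.execute("INSERT INTO pages VALUES ('36', 'About', 'About us')")
    return db

def render_vulnerable(db, pe):
    # Concatenates pe into the SQL text and swallows errors, so a broken
    # query shows up only as a page with its contents missing.
    sql = "SELECT title, body FROM pages WHERE id = '" + pe + "'"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error:
        return []

def render_fixed(db, pe):
    # Binds pe as a parameter: it is compared as a value, never parsed as SQL.
    sql = "SELECT title, body FROM pages WHERE id = ?"
    return db.execute(sql, (pe,)).fetchall()

# The probes from the walkthrough, against a 2-column query instead of 18.
# "--+-" in the URL decodes to "-- -" ("+" is a URL-encoded space).
PROBES = ["36", "36'", "36'-- -", "36' order by 2-- -", "36' order by 3-- -"]

def page_has_content(render):
    # One boolean per probe: did the page come back with its contents?
    db = make_db()
    return [bool(render(db, pe)) for pe in PROBES]

def reacts_to_sql_syntax(render):
    # Regression check: a lone quote empties the page but the same quote
    # followed by a comment restores it, i.e. the input is parsed as SQL.
    _, quote, balanced, _, _ = page_has_content(render)
    return (not quote) and balanced

if __name__ == "__main__":
    for render in (render_vulnerable, render_fixed):
        print(render.__name__, page_has_content(render),
              reacts_to_sql_syntax(render))
```

With the bound parameter a lone quote still gives an empty page, because no row has that id; it is the comment bringing the page back that separates the injectable handler from the fixed one.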
Thanks
See you in the next post for another amazing trick.