![]() If we see some numbers on screen, i.e 1 or 2 or 3 then the UNION works . ![]() union all select 1,2,3/* (we already found that number of columns are 3 in section 2). With union we can select more data in one sql statement. That means that the it has 3 columns, cause we got an error on 4. order by 4/* <- error (we get message like this Unknown column '4' in 'order clause' or something like that) To find number of columns we use statement ORDER BY (tells database how to order the result) so how to use it? Well just incrementing the number until we get an error. Or something similar that means the Site is vulnerable to SQL injection. "You have an error in your SQL syntax check the manual that corresponds to your MySQL server version for the right etc."
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |