Some days ago I posted a highly detailed tutorial about sql injection. You may face some problem like below:
www.site.com/index.php ?id=1 order by 5-- >>> no error
www.site.com/index.php?id=1 order by 100-- >>>no error
If you face this kind of problem you should use string basedsql injection. Follow me:
www.site.com/index.php?id=1' order by 100--+ >>>error
For string based sql injection give (+) at last. And add (') after value like id=1'
Example:
See the pic below.
I used order by 100-- but there are no error. Now I use string based sql injection. See another pic.
Yes. We got error. Now do other action as usual. Get mysql injection tutorial from here.
www.site.com/index.
www.site.com/index.php?id=1 order by 100-- >>>no error
If you face this kind of problem you should use string based
www.site.com/index.php?id=1' order by 100--+ >>>error
For string based sql injection give (+) at last. And add (') after value like id=1'
Example:
See the pic below.
I used order by 100-- but there are no error. Now I use string based sql injection. See another pic.
Yes. We got error. Now do other action as usual. Get mysql injection tutorial from here.
