This is my first write-up, and I want to share “How I got easy $$$ for a SQL Injection bug”.
Note: I'll call the target Redacted.com
Tools: Burp Suite
Proof of Concept:
1. Sign up for a new account
2. Follow the instructions, and then I got this page:
3. So I got a URL like this:
1325589 is my user ID. Then I tried adding a single quote ( ‘ ) to check whether the website has SQL injection or not.
But it didn’t :(
4. But if you look at the page again, it has a “Resend Activation Link” button, so I turned on intercept and clicked the button.
5. I got a request and response like this:
The response redirected me to:
6. So I tried modifying the request by adding a single quote, like this:
and this is the response:
I got redirected to:
7. Now I tried editing the request and adding --+-, and the response looked like this:
The response turned back to the one for the default request, so I can confirm it's maybe a SQL injection :D
8. Now I tried editing the response and adding “order+by+5”, like this:
The response turned to a False condition, so the column count doesn’t reach 5.
9. Try “order+by+4” → Still False
10. Try “order+by+3” → True !!! :D
So this means the columns go up to number 3.
11. So now I tried a “union select” like this:
If you look at the response, I got redirected to:
Yeah !!! I got the number 3.
12. Now try to inject a SQL query at number 3, like this:
BOOM !!! I got the user.
13. Now try to get the database name and the version, like this:
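
Added example for defenders, not part of the original write-up and not Redacted.com's code: a Python/sqlite3 model of why the “Resend Activation Link” request redirected differently once a single quote was appended to the user ID, next to a handler that binds the ID as a parameter. The schema, email address, redirect paths and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    db.execute("INSERT INTO users VALUES (1325589, 'me@example.test')")
    return db

def resend_vulnerable(db, user_id):
    # BEFORE: the id from the request is concatenated into the SQL text, so a
    # quote or comment marker in it changes the statement the database parses.
    sql = "SELECT email FROM users WHERE id = '" + user_id + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return "/error"  # a different redirect is the signal seen in step 6
    return "/activation-sent" if row else "/error"

def resend_fixed(db, user_id):
    # AFTER: accept only a plain decimal id and bind it as a parameter, so the
    # value is never parsed as SQL. The redirect is the same for every outcome,
    # which leaves no true/false signal; mail goes out only for a real row.
    recipient = None
    if user_id.isascii() and user_id.isdigit() and len(user_id) <= 18:
        row = db.execute("SELECT email FROM users WHERE id = ?",
                         (int(user_id),)).fetchone()
        recipient = row[0] if row else None
    return "/activation-sent", recipient

if __name__ == "__main__":
    db = make_db()
    for value in ("1325589", "1325589'"):
        print(repr(value), resend_vulnerable(db, value), resend_fixed(db, value))
```
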