ZEROTHCODE

zerothcode blog

Hackers News

How got easy $$$ for SQL Injection Bug

Bug Hello guys,

This is my first Write Up and i want to share about “How i got easy $$$ for SQL Injection Bug”

Note : call the target as Redacted.com Bug

Tools : Burpsuite

Proof of Concept : Bug

1. Sign up for a new account

2. Follow the instruction, and then i got this page :

Image for post

Image for post

3. So i got the url like this : Bug

1325589 is my user id. And the i try to add single quote ( ‘ ) to try if the website has SQL Injection or not.
but it didn’t 🙁

4. But if you see the page again, the page has the Button “Resend Activation Link” so now I turn on my intercept and click the Button.

5. I got the request and the response like this : Bug

Image for post

Image for post

The response is redirected me to :
https://redacted.com/user/resendactivation/xxx/1325589/?smsg=green

6. So i try to modified the request with added a single quote like this :
https://redacted.com/resend/activation/1325589′
and this is the response :

Image for post

Image for post

i got redirect to :
https://redacted.com/signup_page/xxx

7. Now i try to edit the request and added –+- and the response like this :

Image for post

Image for post

the response is turn into the default request so i can confirm maybe its a SQL Inejction 😀

Image for post

Image for post

8. Now i try to edit the response and added “order+by+5” like this : Bug

Image for post

Image for post

The response is turn to False condition, so the column doesn’t reach 5

9. Try “order+by+4” → Still False

10. Try “order+by+3” → True !!! 😀 Bug

Image for post

Image for post

so it meaning the column is till number 3

11. So now i try to “union select” like this :

Image for post

Image for post

If you see the response i got redirect to :

Yeah !!! I got the number 3.

12. Now try to inject a sql query on number 3, like this: Bug

Image for post

Image for post

BOOM !!! I got the user.

13. Now try to got the database name and the version, like this:

Image for post

Image for post

Reward : $$$ Bug

That’s it for this write up from me, i hope you enjoying it.
And sorry for my bad English 🙁 ,
See you again in the next story