@alexiasa
Created September 28, 2019 03:42
Column Enumeration with Burp Intruder

Using Burp Suite to Enumerate Database Columns

I exploited a SQLi vulnerability to enumerate the columns in a database by doing something like this:

/comment.php?id=738 order by 1;#

Automating With Burp Suite

Column enumeration can be achieved in a manner indistinguishable from magic by using sqlmap.

It can also be achieved with Burp Suite's Intruder function.

Positions

  • Attack Type: Sniper
  • Payload position: mark the "1" in "order by 1" from the snippet above as the single insertion point

Payloads

  • Payload Options:
    • Payload Type: Numbers
    • Type: Sequential
    • Step: 1
    • Max Fraction Digits: 0

Options

  • Grep - Match:
    • Add "column" to the list of terms, so that responses whose error message mentions a column are flagged.
    • Match Type: Simple string
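Seen from the server side, the Intruder run configured above leaves a distinctive trace in the access log: one client sending ORDER BY probes with increasing integers to the same path until a response errors out. The following added example (not part of this gist) scans constructed log lines for that pattern; the combined log format, the sample addresses and treating a 5xx as the failing probe are my assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# "order by <n>" after URL-decoding (Intruder substitutes the number at the marked position).
ORDER_BY_RE = re.compile(r"\border\s+by\s+(\d+)\b", re.IGNORECASE)
# Minimal combined-log-format parser: client address, request target, HTTP status (assumed format).
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample: one client walks ORDER BY 1..4 against comment.php (the 4th draws a 500), plus benign traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Sep/2019:03:42:01 +0000] "GET /comment.php?id=738%20order%20by%201;%23 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [28/Sep/2019:03:42:02 +0000] "GET /comment.php?id=738%20order%20by%202;%23 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [28/Sep/2019:03:42:02 +0000] "GET /comment.php?id=738 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [28/Sep/2019:03:42:03 +0000] "GET /comment.php?id=738%20order%20by%203;%23 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [28/Sep/2019:03:42:04 +0000] "GET /comment.php?id=738%20order%20by%204;%23 HTTP/1.1" 500 812',
    '198.51.100.9 - - [28/Sep/2019:03:43:10 +0000] "GET /list.php?sort=price%20order%20by%202 HTTP/1.1" 200 900',
]

def collect_probes(lines):
    """Group (order_by_index, status) pairs by (client, path), in log order."""
    probes = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format; skip rather than guess
        path, _, query = unquote_plus(m.group("target")).partition("?")
        ob = ORDER_BY_RE.search(query)
        if ob:
            probes[(m.group("client"), path)].append((int(ob.group(1)), int(m.group("status"))))
    return probes

def longest_step_run(indices):
    """Length of the longest run of consecutive integers (n, n+1, ...) in the order seen."""
    best = run = 1 if indices else 0
    for prev, cur in zip(indices, indices[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def find_column_enumeration(lines, min_run=3):
    """Flag (client, path) pairs sending >= min_run sequential ORDER BY probes; first_error is the lowest index that drew a 5xx."""
    findings = {}
    for (client, path), hits in collect_probes(lines).items():
        run = longest_step_run([n for n, _ in hits])
        if run >= min_run:
            findings[(client, path)] = {"probes": len(hits), "run": run,
                                        "first_error": min((n for n, s in hits if s >= 500), default=None)}
    return findings
```

Running find_column_enumeration(SAMPLE_LOG) reports the 203.0.113.7 client against /comment.php with a run of 4 and the first 5xx at ORDER BY 4, while the single ORDER BY request from 198.51.100.9 is not flagged.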