XFS

Article title    : Cross site
scripting(XSS) From SQL Injection
Author            : Pr0T3cT10n <pr0t3ct10n@gmail.com>
Site            : http://www.nullbyte.org.il
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[*] Table of Contents:
    [*] 1 - Presentation.
    [*] 2 - Explanation.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[*] 1 - Presentation:
    [^] What is XFS?
        [*] XFS(XSS FROM SQL) means that we can execute js code from sql
injection vulnerability through the function char().
            The function char() is designed to convert ASCII code to char. Thats
why we use this function, for execute js code.

    [^] What we need?
        [*] SQL Injection.
        [*] String 2 ASCII converter.
        [*] The function char.

[*] 2 - Explanation:
    [^] OK, so..first of all. we need ascii converter. online convertor:
http://www.easycalculation.com/ascii-hex.php
        The function char used to return output data. it means that if we will
 encode n then put it inside the function
        So the function char() will execute the code. note, you must not have
any space on your js code otherwise it will not executed.
        For example:
       
http://www.example.com/index.php?id=1+union+all+select+1,2,3,4,char(ASCII_CODE),5--

        So, if you want to steal cookies, you will need to encode your js code
 then put it instead ASCII_CODE then send it to your victim.
       
This attack is useful, at least for me..I used it several times and it
works fine for me.