Collaborate Disseminate
I’m learning Web Pentesting using Juice Shop and I successfully used Burp Suite to generate an SQL injection payload in the repeater that exposed the plain text email and encoded password of the admin.
By using Burp Suite Decoder, I decode… Continue reading Burp Suite: alphanumeric payload decoded to base64 exposes password, but as an encoded string
Is it possible to extract other collections that exists in the database?
Let’s say I have 2 collections in the database, they are:
1.users
2.posts
Also we assume the users collection is vulnerable to NoSQLi. In an SQL Injection attack we … Continue reading MongoDB NoSQL Injection extract collections
I was performing SQL injection through sqlmap and it showed that the parameter is vulnerable but it is only extracting random bits instead of actual data.
I am pasting extracted material here.
[00:12:27] [INFO] the back-end DBMS is MySQL
b… Continue reading Sql injection extract random bits instead of actual data
I am testing a publicly available site https://example.com/ebill/login.php where I fill the form with account number, like 34413271 and a cookie is assigned for later urls to use, then the above URL redirects to https://example.com/ebill/a… Continue reading How to use sqlmap while website uses multiple redirects
I have tried this payload.
http://testphp.vulnweb.com/listproducts.php?cat=2 +OR+1+GROUP+BY+CONCAT_WS(0x3a,VERSION(),FLOOR(RAND(0)*2))+HAVING+MIN(0)+OR+1 — –
However, the vulnweb server did not show the version and displayed this error s… Continue reading Why this SQL Injection payload fail on vulnweb.com?
I have tried this payload.
http://testphp.vulnweb.com/listproducts.php?cat=2 +OR+1+GROUP+BY+CONCAT_WS(0x3a,VERSION(),FLOOR(RAND(0)*2))+HAVING+MIN(0)+OR+1 — –
However, the vulnweb server did not show the version and displayed this error s… Continue reading Why this SQL Injection payload fail on vulnweb.com?
I was running some sql injection tests in SQLmap, and every time, the tool stopped testing the parameters to ask a Y/n questions, it immediately returned it as ‘command not found’ to both the two possible answers I pass (Y and N) not givin… Continue reading SQLmap is returning "command not found" after every y/n prompt [closed]
I am testing my own flask application that should be vulnerable.
I am using this in SQlmap:
sqlmap -u "https://test.heroku.com/checkusername/student*"
but the requests with payloads I am receiving contain student+payload. I thi… Continue reading SQLMAP setting parameter
Is there any way to instruct sqlmap to perform normal injections without escaping and commenting? For example, it’s confirmed that id=1111+or+(INJECTION_HERE)=1–+ is valid, so can I instruct sqlmap to use that as an injection point and e… Continue reading RAW SQL Injection
Is there any way to instruct sqlmap to perform normal injections without escaping and commenting? For example, it’s confirmed that id=1111+or+(INJECTION_HERE)=1–+ is valid, so can I instruct sqlmap to use that as an injection point and e… Continue reading RAW SQL Injection