Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Web2: SQL Injection - Other Exploits
Through cookies
Cookies are files that store user state information when accessing web applications. This information is determined by the programmer, generated on the server and stored at the client. When the user re-visits the web application, cookies are sent by the browser to the server to help restore the user's state in the previous visit.
Because it is stored in the client, the user can edit it at will, so if a web application uses the information stored in cookies to build queries to the database, hackers can completely insert cookies. sql scripts to perform a SQL Injection attack.
There are many tools that allow viewing, adding and editing cookies, in which the addon Cookies Manager of firefox is a quite convenient tool. You can download and install it in firefox easily.
Through server variables
The server variable may be a relatively new concept, but it's not new. Some examples of server variables are Http header, Network header. Not very common but values stored in server variables can be used by web applications such as in logging access or access statistics by user agent. These jobs all have interaction with the database, so hackers can completely use server variables in exploiting Sql Injection.
Firefox addons support these things very well, Tamper Data or Live HTTP headers (exampled above) can help us catch requests sent from the client to the web server, from which we can easily change change the server variables (http header…) before sending them to the server. Mining via server variables is similar to mining via cookies.
Tamper Data:
Second-order Injection
This is a rarely used technique because it is difficult to tell if a web application has this error or not. The technique is described as follows: First, we will 'inject' into the database a piece of code. This code does not pose any danger to the system but it will be used as a springboard for the next injection. Let's see a concrete example to better understand this technique.
We will access a web application and try to register an account with the username "administrator' --". Then we will perform the password change operation. Changing the password is handled by the web application as follows:
With the username registered above, the above query becomes:
Thus, we can change the password of the administrator account and can completely log in as the administrator account.
Lesley MontoyaYou should read it
- Web5: SQL injection - Some techniques to bypass the filtering mechanism
- Web4: SQL injection - Exploitation steps
- Learn about SQL Injection and how to prevent it
- What is Fault Injection Attack (FIA)? Is it worrisome?
- WordPress plugins with more than 300,000 pages that use vulnerabilities are vulnerable to SQL Injection attacks
- What is AI Prompt Injection attack?
- Discuss IFrame Injection Attacks
- Block hacker SQL Injection with ASP
May be interested
- Discuss IFrame Injection Attacks
the type of attack technique iframe injection is still the most basic and popular form of cross-site scripting - xss model . - WordPress plugins with more than 300,000 pages that use vulnerabilities are vulnerable to SQL Injection attacksthe sql injection attack capability was found on one of wordpress's most popular plugins, currently installed on more than 300,000 websites. hackers can exploit to steal databases and hijack remote sites.
- What is AI Prompt Injection attack?ai prompt injection attacks poison the output from the ai tools you rely on, changing and manipulating its output into something harmful.
- Block hacker SQL Injection with ASPsql injection is a hacker 's attack tool to steal vital, vital information of vulnerable organizations and companies.
- Download the latest Joomla version to fix a serious SQL Injection vulnerabilityif your website is based on the joomla content management system make sure to update it to the latest version, which has just been released today.
- Botnet Echobot spreads across a wide range, specifically targeting Oracle and VMware applicationsa relatively new botnet named echobot has contributed to 26 dangerous exploits, while using exploits as a tool to spread quickly.
- The secret of the most special death cases in world historyin the history of the world, there are a number of special death cases that many people can not be surprised as if they do not find a vein to inject poison or after nearly two hours of new deadly poison injection ...
- Microsoft Edge has more features to help limit zero-day exploitsmicrosoft has just added a new feature to the beta test of microsoft edge. this feature helps to mitigate future exploits of unknown zero-day vulnerabilities.
- Microsoft rushed to release security updates for Windows XP, Server 2003if you are still using a copy of windows xp or windows server 2003 on networked systems (and both windows 7, windows server 2008 and 2008 r2), pay attention!
- How to Use JavaScript Injectionsjavascript injection is a process by which we can insert and use our own javascript code in a page, either by entering the code into the address bar, or by finding an xss vulnerability in a website. note that the changes can only be seen...
Basic knowledge
- What is Grayware? Is Grayware Dangerous?
- How much storage space does your computer need?
- What is MIL-STD-810G? What does the MIL-STD-810G standard mean for smartphones?
- Why are connector cables usually gold plated? Is it necessary?
- What is Starlink? How does satellite internet work?
- What is the difference between open source software and closed source software?
What is Grayware? Is Grayware Dangerous?
How much storage space does your computer need?
What is MIL-STD-810G? What does the MIL-STD-810G standard mean for smartphones?
Why are connector cables usually gold plated? Is it necessary?
What is Starlink? How does satellite internet work?
What is the difference between open source software and closed source software?