Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Web2: SQL Injection - Other Exploits
Through cookies
Cookies are files that store user state information when accessing web applications. This information is determined by the programmer, generated on the server and stored at the client. When the user re-visits the web application, cookies are sent by the browser to the server to help restore the user's state in the previous visit.
Because it is stored in the client, the user can edit it at will, so if a web application uses the information stored in cookies to build queries to the database, hackers can completely insert cookies. sql scripts to perform a SQL Injection attack.
There are many tools that allow viewing, adding and editing cookies, in which the addon Cookies Manager of firefox is a quite convenient tool. You can download and install it in firefox easily.
Through server variables
The server variable may be a relatively new concept, but it's not new. Some examples of server variables are Http header, Network header. Not very common but values stored in server variables can be used by web applications such as in logging access or access statistics by user agent. These jobs all have interaction with the database, so hackers can completely use server variables in exploiting Sql Injection.
Firefox addons support these things very well, Tamper Data or Live HTTP headers (exampled above) can help us catch requests sent from the client to the web server, from which we can easily change change the server variables (http header…) before sending them to the server. Mining via server variables is similar to mining via cookies.
Tamper Data:
Second-order Injection
This is a rarely used technique because it is difficult to tell if a web application has this error or not. The technique is described as follows: First, we will 'inject' into the database a piece of code. This code does not pose any danger to the system but it will be used as a springboard for the next injection. Let's see a concrete example to better understand this technique.
We will access a web application and try to register an account with the username "administrator' --". Then we will perform the password change operation. Changing the password is handled by the web application as follows:
With the username registered above, the above query becomes:
Thus, we can change the password of the administrator account and can completely log in as the administrator account.
Lesley MontoyaYou should read it
- Web5: SQL injection - Some techniques to bypass the filtering mechanism
- Web4: SQL injection - Exploitation steps
- Learn about SQL Injection and how to prevent it
- What is Fault Injection Attack (FIA)? Is it worrisome?
- WordPress plugins with more than 300,000 pages that use vulnerabilities are vulnerable to SQL Injection attacks
- What is AI Prompt Injection attack?
- Discuss IFrame Injection Attacks
- Block hacker SQL Injection with ASP
May be interested
- What is Grayware? Is Grayware Dangerous?
grayware can include a lot of software; from completely harmless to relatively dangerous, depending on what it can cause. - How much storage space does your computer need?whether you're considering buying a new computer or planning to upgrade your existing equipment, it's extremely important to consider how much hard drive space you need to add or keep.
- What is MIL-STD-810G? What does the MIL-STD-810G standard mean for smartphones?sometimes you will see smartphone or laptop models listed as meeting the mil-std-810g standard. so what is mil-std-810g? please join tipsmake.com to find out.
- Why are connector cables usually gold plated? Is it necessary?it is not difficult for you to realize that the connectors of many different cables, from stereo jacks, hdmi cables, to ethernet connectors, are often very eye-catching gold plated.
- What is Starlink? How does satellite internet work?if you look up at the beautiful night sky at any point in 2020, you may have seen several new low-earth orbit satellites that form part of spacex's starlink project.
- What is the difference between open source software and closed source software?everything you see on the screen includes the language. someone wrote down words for your computer to understand. these words, or languages, are called codes.
Web3: SQL injection - Exploit directions
Learn about SQL Injection and how to prevent it
Web2.0 - The evolutionary era of community intelligence
What is Fault Injection Attack (FIA)? Is it worrisome?
Web5: SQL injection - Some techniques to bypass the filtering mechanism