SQL Injection Stored User Agent

SQL Injection - Stored (User-Agent) - Low Security Level

Solution:

*Note: I am using Burp Suite's preconfigured browser. If you are not using the preconfigured browser, configure your browser to use the proxy and then follow the steps below.

Step 1. Choose the lesson bug (as shown in the video) and click the Hack button.

Check the User-Agent:
Click on Forward

Find the User-Agent: header and remove all the text that follows it (the existing value)
Add the payload after User-Agent:
PseudoTime',(select concat(id,login,password) from users limit 0,1)) #

Step 4. Turn intercept off, go to the lesson page, and check the results.

PseudoTime
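
Why the header value above changes the query, and how a bound parameter stops it (an added example, not part of the original description or the lesson's own code). It assumes the page logs visitors with an INSERT into a hypothetical `visitors (user_agent, ip_address)` table and uses in-memory SQLite as a stand-in database for the hardened version; the function names and sample IP are constructed for illustration.

```python
import sqlite3

# Header value from the walkthrough above.
PAYLOAD = "PseudoTime',(select concat(id,login,password) from users limit 0,1)) #"

def build_concatenated_sql(user_agent, ip):
    """Vulnerable pattern: the header is pasted into the SQL text (assumed schema)."""
    return ("INSERT INTO visitors (user_agent, ip_address) VALUES ('"
            + user_agent + "', '" + ip + "')")

def strip_mysql_hash_comment(sql):
    """Return the part MySQL would parse: cut at the first '#' outside a string."""
    in_string = False
    i = 0
    while i < len(sql):
        ch = sql[i]
        if in_string and ch == "\\":
            i += 2            # skip a backslash-escaped character inside a string
            continue
        if ch == "'":
            in_string = not in_string
        elif ch == "#" and not in_string:
            return sql[:i].rstrip()
        i += 1
    return sql

def store_parameterized(conn, user_agent, ip):
    """Hardened pattern: the header travels as a bound value, never as SQL text."""
    conn.execute("INSERT INTO visitors (user_agent, ip_address) VALUES (?, ?)",
                 (user_agent, ip))

def demo():
    conn = sqlite3.connect(":memory:")   # stand-in for the lesson's database
    conn.execute("CREATE TABLE visitors (user_agent TEXT, ip_address TEXT)")
    store_parameterized(conn, PAYLOAD, "203.0.113.7")   # constructed sample IP
    return conn.execute("SELECT user_agent, ip_address FROM visitors").fetchall()

if __name__ == "__main__":
    # The quote closes the user_agent string, the subquery fills ip_address,
    # "))" closes VALUES, and "#" comments out the rest of the original statement.
    print(strip_mysql_hash_comment(build_concatenated_sql(PAYLOAD, "203.0.113.7")))
    # With binding, the same header is stored verbatim as one text value.
    print(demo())
```
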