Posts

Showing posts from October, 2022

More Messing with SQLi (POST Requests, Selection Fields and Reverse Shells)

In my first post about SQLi attacks, I focused mostly on vulnerabilities we can find in GET requests. It is important, however, to check POST requests and headers too, as these can also be vulnerable to SQLi attacks. When we see an input field, such as a search bar, we can try to inject SQL commands into it. In the example below, I use a Boolean method to ascertain whether or not the search bar is vulnerable to SQLi. This works because if the injected statement evaluates to True, we see one result on the web page, but if it evaluates to False, we see a different response. This can be achieved with the simple syntax of   ' and 1=1; -- -   followed by   ' and 1=2; -- -   In the above example, I input the SQL commands directly into the search bar. Another way we can inject SQL when working with POST requests is by intercepting our request with a proxy tool such as Burp Suite or OWASP ZAP. We can then send the request to a repeater tool and try different injections against different POST paramete...