
Friday, 10 July 2015

Post Parameters Injection Through Live HTTP Headers

 Post Parameters Injection Through Live HTTP Headers - Tutorial By RAi Jee
In this tutorial you will learn how to inject a website through POST parameters with Live HTTP Headers.
First you need the Live HTTP Headers add-on installed in your browser. If you don't have this add-on, you can install it from this link.

Live HTTP Headers
Now let's start our tutorial.
Here is our target site. There you can see a search box.
Now input some text in that search box and open the Live HTTP Headers add-on. Then click on the Search button to execute the search command.
After clicking the Search button, look in Live HTTP Headers to find the POST parameter that we entered there.



And our POST parameter is inputsbox=raijee&x=11&y=9. Let's add a single quote at the end, inputsbox=raijee', to check whether it is vulnerable or not. Click on the Replay option in Live HTTP Headers to execute our POST parameter commands.





Now we can see our target is vulnerable to SQL injection. Next we will execute our string-based ORDER BY command to find the total number of columns there. We add our command: inputsbox=raijee' order by 15-- -
After executing inputsbox=raijee ORDER BY 7-- -&x=11&y=9 we didn't get any result there and also no error of any kind, and after using 8 columns in the ORDER BY statement it gives a MySQL error. It means there are 7 columns in total.
Now let's execute the UNION SELECT command to find the vulnerable columns.


We have got 3,1 as the vulnerable columns there. Let's add our query to find the version.
You can see the version printed there.
For getting tables and columns and then extracting data from the tables:
READ THIS TUTORIAL
Author: Rai Muzammal Hussain a.k.a. RAi Jee
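
The single-quote check described above works because the search value is pasted into the SQL text on the server. The following is an added example, not code from the original tutorial or the target site: it puts that query shape beside a bound-parameter version and feeds both the values shown on the page. The table `articles`, the function names and the use of SQLite in place of MySQL are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for the page's MySQL back end.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles (title) VALUES (?)",
                   [("raijee notes",), ("other post",)])
    return db

def search_concat(db, inputsbox):
    # 'Before' form: the POST value is pasted into the SQL text, so a quote
    # in the value ends the string literal and the rest is parsed as SQL.
    sql = "SELECT id, title FROM articles WHERE title LIKE '%" + inputsbox + "%'"
    return db.execute(sql).fetchall()

def search_bound(db, inputsbox):
    # Hardened form: the SQL text is fixed and the value travels as a bound
    # parameter. LIKE wildcards in the value are escaped so they match literally.
    esc = inputsbox.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT id, title FROM articles WHERE title LIKE ? ESCAPE '\\'"
    return db.execute(sql, ("%" + esc + "%",)).fetchall()

def probe(search, value):
    # Returns ("rows", n) or ("sql_error", message) so both forms can be compared.
    db = make_db()
    try:
        return ("rows", len(search(db, value)))
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))
    finally:
        db.close()

if __name__ == "__main__":
    # Values taken from the tutorial text: plain term, quote test, ORDER BY string.
    for value in ("raijee", "raijee'", "raijee' order by 15-- -"):
        print(repr(value), probe(search_concat, value), probe(search_bound, value))
```

With the bound form every value is only a search term, so the quote produces an empty result instead of a database error. Returning a generic error page rather than the raw MySQL message also removes the signal the ORDER BY step relies on.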
