Post Parameters Injection Through Live HTTP Headers - Tutorial By RAi Jee
In This Tutorial You Will Learn How to Inject a Website Through Post Parameters with Live HTTP Headers.
First You Need Live HTTP Headers Addon installed in Your Browser if Dont have This Addon Than You Can Installed it From This Link.
Live HTTP Headers
Now Lets Start our Tutorial
Here is The our Target Site There You Can See A Search Box.
Now input Some Text in that Search Box and Open Live HTTP Headers Addon.Then Click on The Search Button to execute the Search command.
After Click on the Search BUTTON now see in the Live HTTP Headers to Find our Post Parameter which We Have input There.
And Our Post Parameter is inputsbox=raijee&x=11&y=9. Lets Add Single Quote at end of inputsbox=raijee' to check if its Vulnerable or not.Click on REPLY Option in Live HTTP Headers to execute our Post Parameters Commands.
Now we Can see Our Target is Vulnerable To SQL injection. Now Will Execute our String Based ORDER BY command For Finding Total Number of Columns there.we add our Commands inputsbox=raijee' order by 15-- -
After Executing command of inputsbox=raijee ORDER BY 7-- -&x=11&y=9 we didn't get any result there and also not any kind of error.and After Executing 8 Columns in Order By Statement it Gives Mysql Error .It means There are 7 Total Number of Columns.
Now Let's Execute Of UNION SELECT command For Finding Vulnerable Columns.
We have got 3,1 are Vulnerable Columns There .Lets Add our Query For Finding Version.
You Can see the Version Printed there.
For Getting Tables and Columns and then Extracting DATA from the Tables::
READ THIS TUTORIAL
AUTHOR:Rai Muzammal Hussain a.k.a RAi Jee
0 comments:
Post a Comment