It depends on the confidence of the issue reported by Burp; when the confidence is certain, a complete payload for you to reproduce it is provided, usually a sleep command.

This is the error that's returned for certain inputs:

And this is the SQL injection vulnerability that Burp identified:

This is the error and adding gives me the same output:

So, I'll add some screenshots of the issues.

UPDATE: I'm still able to access the domain (I thought they had taken it down after the test was over), but I won't be able to share the domain address because I'm unsure if it'll even be legal to publicize it.

**Note:** The website wasn't their main website, it was a web app created for the sole purpose of exploiting vulnerabilities.

(I should mention the Company only allowed me to use manual methods and Burp, no other tools were allowed)

Using manual and automated (Burp) methods, I was able to find out the form is definitely vulnerable to SQL Injection attacks, but every time I tried to pass any payloads into the E-mail/username field

A recent employment test prompted me to perform an SQL injection to gain access into their website.