(GET)
A. Cookies = a permanent method to maintain login sessions, also useful for advertisements. A cookie is
a small text file saved on our computer.
B. PHP Sessions = a temporary way to maintain login sessions; when you close the browser,
the session is closed.
13. Install HT Web Application in XAMPP
It returns a username and password as designed by the website owner; he can return anything back.
16. The first step is fuzzing the application by giving some extra characters in the input parameter in the URL.
17. Now we have to copy the error and guess the query.
19. The next step is to balance the query, because we have to get out of the ID area,
No error on Order by 1. Try Order by 2, Order by 3, Order by 4, and keep going until we get an error.
22. On Order By 4 we get an error, which means 3 columns are used in this website's query.
23. Now we have to start using Union Select 1,2,3 (because there are three columns in the statement),
and we have to give a big number to make the first statement wrong, so that our own second statement will work.
24. Now 2 and 3 are printed on the screen, so we will change only the 2 to find these things on screen:
A. Database Name
B. Table Names
C. Column Names
D. Data
26. To find table names we need the help of a database named “information_schema”.
27. Now we need to find all the column names from all the tables.
29. Now find all the data from Users; in the same way we need to find it from Emails.
31. Guess the query with Order by; it does not work until the query is balanced correctly.
32. Works fine now, once we balance properly.
Use a backslash to generate the error, then use Order by to get the number of columns.
35. Now use Union Select
36. Lesson 13 is POST with outfile: generate an error, then forward the output to an outfile.
39. We can see it is using single quotes, so now we will make an injection.
It will reset the password to 1 for every user, because 1=1 always evaluates to 1 (true) and the username section is
commented out with #, so it will affect all users.
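The single-quoted password reset from step 39 next to a parameterized version, as an added example that is not part of the original notes. It assumes the reset is an UPDATE statement and uses Python with an in-memory SQLite database instead of the lab's PHP/MySQL; the table, function names and sample users are constructed, and SQLite's `--` comment stands in for MySQL's `#`.

```python
import sqlite3

def make_db():
    """Build an in-memory users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret"), ("carol", "c-secret")])
    return db

def reset_password_vulnerable(db, username, new_password):
    # Input is pasted between single quotes, so a quote in the input ends the
    # string literal and the rest is parsed as SQL (assumed shape of the query).
    sql = ("UPDATE users SET password = '" + new_password +
           "' WHERE username = '" + username + "'")
    return db.execute(sql).rowcount

def reset_password_safe(db, username, new_password):
    # Placeholders send the input as data only; quotes and comment markers
    # inside it are stored literally and never reach the SQL parser.
    cur = db.execute("UPDATE users SET password = ? WHERE username = ?",
                     (new_password, username))
    return cur.rowcount

def passwords(db):
    """Return {username: password} for inspection."""
    return dict(db.execute("SELECT username, password FROM users"))

def demo():
    # Constructed input matching the step above: the condition is always true
    # and the comment marker drops the WHERE clause (-- in SQLite, # in MySQL).
    crafted = "1' OR 1=1 --"
    db_vuln, db_safe = make_db(), make_db()
    rows_vuln = reset_password_vulnerable(db_vuln, "alice", crafted)
    rows_safe = reset_password_safe(db_safe, "alice", crafted)
    return rows_vuln, passwords(db_vuln), rows_safe, passwords(db_safe)

if __name__ == "__main__":
    rows_vuln, after_vuln, rows_safe, after_safe = demo()
    print("vulnerable:", rows_vuln, "rows changed ->", after_vuln)
    print("safe:      ", rows_safe, "rows changed ->", after_safe)
```

A row count higher than one on a single-user password reset is also a useful signal to log and alert on.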
40. In the next chapter, 18, we cannot break the query directly, so we have to use Burp Suite to create the
error.
This generates the error which we were not able to generate directly because of restrictions.
This is how we can proceed with every lesson in Burp Suite, by injecting into different fields via Burp Suite.
42. The next chapter is cookie injection: if we cannot inject anywhere else, the next thing to try is the cookie.
Install the Cookie-Editor add-on in Firefox.
The username is the cookie, which we can change to shift users, or we can also use union select
statements.
In the same way we can dig out all the data with other commands.
43. In Chapter 21 the cookie is encrypted; it is still the username, but in encrypted form, so we have to
use encrypted injections in the cookie.
We can see an error is generated. In the same way we can give other commands in the encrypted value to perform
other injections.