SQL Injection (Search/POST)


SQL Injection (Search/POST) is similar to (Search/GET). The main difference is that you cannot see the searched title in the URL, so you have two options. Either you can capture the request in Burp and follow the same steps as we did in (Search/GET) to enumerate the database.

Send the request to Repeater.
Or you can type the SQL syntax directly in the search field.
We can also extract the login and password hash in the same way, and if we want we can use different columns for that, like this:
1' union select 1,login,password,email,5,6,7 from users #
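
Why the payload above works and what stops it, as an added example (not from the original post or from bWAPP's code). SQLite stands in for MySQL here, so the trailing comment marker is `--` instead of `#`; the seven-column `movies` table, the `users` row and the function names are constructed for illustration.

```python
import sqlite3

# Page's payload; SQLite (assumed stand-in for MySQL) uses "--" where MySQL accepts "#".
PAYLOAD = "1' union select 1,login,password,email,5,6,7 from users -- "

def make_db():
    """Constructed data: a seven-column movies table plus a users table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE movies (id INTEGER, title TEXT, release_year TEXT, genre TEXT,
                             main_character TEXT, imdb TEXT, tickets_stock INTEGER);
        CREATE TABLE users (id INTEGER, login TEXT, password TEXT, email TEXT);
        INSERT INTO movies VALUES (1, 'Iron Man', '2008', 'action',
                                   'Tony Stark', 'tt0000000', 53);
        INSERT INTO users VALUES (1, 'alice', 'constructed-hash', 'alice@example.test');
    """)
    return db

def search_vulnerable(db, title):
    # The POST field is concatenated into the statement, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = "SELECT * FROM movies WHERE title LIKE '%" + title + "%'"
    return db.execute(sql).fetchall()

def search_parameterized(db, title):
    # The value is bound separately from the statement text; the driver never
    # parses it as SQL, so the payload is just an odd title to look for.
    sql = "SELECT * FROM movies WHERE title LIKE ?"
    return db.execute(sql, ("%" + title + "%",)).fetchall()

def demo():
    db = make_db()
    return search_vulnerable(db, PAYLOAD), search_parameterized(db, PAYLOAD)

if __name__ == "__main__":
    leaked, safe = demo()
    print("concatenated :", leaked)   # users row comes back through the movie search
    print("parameterized:", safe)     # no rows
```

Moving the parameter from the URL into the POST body changes nothing on the database side; only binding the value separately from the statement does.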

~ Hack the World and Stay Noob
