SQL Injection -Stored (User-Agent)


This is the vulnerability where we will learn to do SQLi in user-agent

153
First reload the page and capture the GET request in burp 154
Send the request to repeater and check the SQLi with single quote in User-Agent: 155 156 157
And we got the error. 158 159
Now let’s try to extract the mysql root password 160 161

~ Hack the World and Stay Noob

Twitter / Hack The Box / CTF Team / Teck_N00bs Community Telegram

Comments