


A recent employment test prompted me to perform an SQL injection to gain access to their website. Using manual and automated (Burp) methods, I was able to find out the form is definitely vulnerable to SQL Injection attacks, but every time I tried to pass any payloads into the E-mail/username field

(I should mention the Company only allowed me to use manual methods and Burp, no other tools were allowed)

**Note:** The website wasn't their main website, it was a web app created for the sole purpose of exploiting vulnerabilities.

UPDATE: I'm still able to access the domain (I thought they had taken it down after the test was over), but I won't be able to share the domain address because I'm unsure if it'll even be legal to publicize it.

So, I'll add some screenshots of the issues.

This is the error, and adding gives me the same output:

And this is the SQL injection vulnerability that Burp identified:

This is the error that's returned for certain inputs:

It depends on the confidence of the issue reported by Burp. When the confidence is certain, a complete payload for you to reproduce it is provided, usually a sleep command. If the confidence of Burp is 'tentative', that usually means the original command and the same command with a ' return different responses. You can manually check what happens when you add a second ', for example: if input'' doesn't return an error message but input' does, then probably there is a SQL injection there.

EDIT: the reason why admin' or '1'='1 and similar weren't working is because that is detected by some type of WAF. Burp is really good but usually needs manual testing after to check and verify valid issues. To actually exploit it you will have to use the payload structure provided by Burp Suite that isn't blocked, and similar payloads to get into the tables, columns, etc.

If you don't want manual testing you can try sqlmap.
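As an added illustration (not code from anyone in the thread), here is a Python/sqlite3 model of the `'` versus `''` check described in the reply above: a query built by string concatenation fails to parse on a lone quote but accepts a doubled one, while the parameterised version treats both as plain data, which is also the fix. The table contents and the function names `lookup_concat`, `lookup_param`, `probe` and `classify` are constructed for this example.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the login form's backing store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice@example.com', 'hunter2')")
    conn.commit()
    return conn


def lookup_concat(conn, email):
    """Vulnerable pattern: the submitted email is pasted into the SQL text."""
    sql = "SELECT email FROM users WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, email):
    """Hardened pattern: the value travels as a bound parameter, never as SQL."""
    return conn.execute("SELECT email FROM users WHERE email = ?", (email,)).fetchall()


def probe(lookup, email):
    """Return 'error' if the query fails to parse, else 'ok'.

    This is the differential the reply describes: a lone quote breaks the
    concatenated query, a doubled quote is a valid escaped quote inside it.
    """
    conn = make_db()
    try:
        lookup(conn, email)
        return "ok"
    except sqlite3.OperationalError:
        return "error"
    finally:
        conn.close()


def classify(lookup):
    """Apply the single-quote / doubled-quote check to a lookup function.

    Returns True when the behaviour matches the injectable signature
    (input' errors, input'' does not).
    """
    single = probe(lookup, "input'")
    double = probe(lookup, "input''")
    return single == "error" and double == "ok"
```

Running `classify` against both lookups shows why the differential works: only the concatenated query changes behaviour between the two inputs, and the parameterised query never does.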
