Hello readers, welcome to my first post. In this post I will show how to hunt for the classic SQL injection. Yes, the classic SQL injection vulnerability still exists, and I dumped the whole DB. Let's get started...
Many people have the misconception that in this advanced era no application could still be vulnerable to the classic SQL injection, and so they don't even give it a try. I always used to ignore SQL injection. One fine day I was browsing through the programs on Bugcrowd and selected a wide-scope target; let's call it redacted.com.
Now, how to hunt SQL injection in a smart way?
Let's break it into steps:
Step 1: I used a Google dork to fetch all the login pages → site:redacted.com inurl:login
Step 2: Make a list of SQL payloads and hit all the login pages with Intruder.
Step 3: Check for a SQL query in the error/response.
Step 4: If you successfully get a SQL error → run sqlmap
Step 5: Get the big FAT bounty!!!!
I followed the same steps and executed blind SQL injection successfully.
Payload used above → admin' or 1'='1- -
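To show why a login form reacts to that payload in the first place, here is an added example (not the author's code, and not the target's application): a constructed SQLite users table queried once by string concatenation and once with bound parameters. The concatenated query breaks on the payload and raises a database error, which is the signal step 3 looks for; the parameterised query treats the same input as a plain username and simply denies the login.

```python
import sqlite3

PAYLOAD = "admin' or 1'='1- -"   # the payload quoted in the write-up


def make_db():
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    return conn


def login_vulnerable(conn, username, password):
    """String-concatenated query: user input becomes part of the SQL text."""
    sql = (f"SELECT username FROM users "
           f"WHERE username='{username}' AND password='{password}'")
    try:
        row = conn.execute(sql).fetchone()
        return ("ok" if row else "denied", None)
    except sqlite3.Error as exc:
        # A raw DB error like this one, reflected into the HTTP response,
        # is exactly what the "check for SQL error" step detects.
        return ("error", str(exc))


def login_safe(conn, username, password):
    """Parameterised query: the input is bound as data, never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    row = conn.execute(sql, (username, password)).fetchone()
    return ("ok" if row else "denied", None)


def demo():
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, PAYLOAD, "x"),
        "safe": login_safe(conn, PAYLOAD, "x"),
        "legit_safe": login_safe(conn, "admin", "correct-horse"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The fix on the application side is the parameterised form plus a generic error page, so that neither the query text nor the database error ever reaches the client.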
I used sqlmap: I captured the request in Burp, saved it as a POST.txt file and ran sqlmap against it.
For your reference on how to use sqlmap with a POST request → https://hackertarget.com/sqlmap-post-request-injection/
And... finally got the reward :)