
Found SQL Injection Vulnerabilities on several sites.. no idea how to move forward



#1

lonewolfman

Yes, I've read countless articles on Google and I'm still having a hard time wrapping my head around it...

 

Case study one: Using Netsparker I found two critical SQL injection points on a scumbag website that extorts money from open source projects by posting fake "analysis"

  • Blind SQL Injection
  • Boolean Based SQL Injection
  • Bonus: Database has admin privileges

No matter what I try I can't seem to replicate the (POST) payloads and create a bd shell.

 

Anyone want to walk me through and be my mentor? Me luv you long time. And some ETH rewards may be possible if you're a good teacher :)



#2

JBlazze

Hello



#3

umerk


Netsparker itself injects as well, and you can give further queries to Netsparker.

