https://www.rchitect.in/categories/exfiltration/Recent content in Exfiltration on rchitectHugoenSat, 25 Jun 2022 00:00:00 +0000https://www.rchitect.in/posts/sql-inection/Sat, 25 Jun 2022 00:00:00 +0000https://www.rchitect.in/posts/sql-inection/<h1 id="sql-injection-methods"> Sql Injection Methods <a class="heading-link" href="#sql-injection-methods"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h1> <h6 id="how-to-identify-sql-injection"> How to identify SQL injection <a class="heading-link" href="#how-to-identify-sql-injection"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h6> <p>Refer below webpage( a smaple hotel reservation website) from the hackthebox machine.</p> <p><img src="https://www.rchitect.in/images/walk/jarvis/5.png" alt="sql"></p> <p>I am going to add &rsquo; and see if there are any erros.</p> <p>Actual url</p> <pre tabindex="0"><code>http://10.10.10.143/room.php?cod=1 </code></pre><p><img src="https://www.rchitect.in/images/walk/jarvis/6.png" alt="sql"></p> <p>SQL inection tested url</p> <pre tabindex="0"><code>http://10.10.10.143/room.php?cod=1&#39; </code></pre><p>There are no errors and the page seems broken. This gives hint for SQL injection vulnarability.</p>