The page has a simple news page with the news item requested through an id=# parameter. First I enter an invalid ID but with a true OR clause and the page returns content:
Sunday, 12 July 2020
sql injection using sqlmap
Below are notes on a sql injection lab. First I identify that the page is susceptible to injection then run sqlmap to extract database content.
Thursday, 2 July 2020
ex-filtrate data over dns with packetwhisper
I had a chance to use PacketWhisper in a lab exercise recently and wanted to try it out again in different environment for my own notes, below are the rough steps taken to setup and run the test. First I cloned the repo on the target machine:
git clone https://github.com/TryCatchHCF/PacketWhisper.git
Subscribe to:
Posts (Atom)