Parameters
ron190 edited this page Jun 18, 2024 · 6 revisions
Several URL components may be exposed to an injection vulnerability, though input parameters like the query string are the most common 🎯 targets.
The target parameter can be identified easily and manually depending on your security knowledge; however, 💉jSQL can also locate the vulnerability automatically.
http://localhost:8080/path/🎯/suffix
http://localhost:8080/path/endpoint?target=🎯&param=value
POST http://localhost:8080/path/endpoint
body> target=🎯&param=value
http://localhost:8080/path/endpoint
headers> Target: 🎯
Param: value
http://localhost:8080/path/endpoint
headers> Cookie: target=🎯; param=value
http://localhost:8080/path/endpoint
body> {
"target": "🎯",
"param": "value"
}
http://localhost:8080/path/endpoint
body> <soapenv:Envelope>
<soapenv:Header/>
<soapenv:Body>
<gs:method>
<gs:target>🎯</gs:target>
<gs:param>value</gs:param>
</gs:method>
</soapenv:Body>
</soapenv:Envelope>
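For code review, the same request locations can be inventoried so that each one is checked for reaching SQL only through bound parameters. The following is an added example, not part of jSQL or of the original page; `input_surface` and `_json_leaves` are hypothetical names and the sample request is constructed.

```python
import json
import xml.etree.ElementTree as ET
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit


def _json_leaves(node, prefix=""):
    """Yield a dotted path for every scalar value in a decoded JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _json_leaves(value, f"{prefix}.{key}" if prefix else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _json_leaves(value, f"{prefix}[{i}]")
    else:
        yield prefix


def input_surface(url, headers=None, body=""):
    """List (location, name) for each client-controlled value in one request."""
    headers = headers or {}
    parts = urlsplit(url)
    found = [("path", seg) for seg in parts.path.split("/") if seg]
    found += [("query", k) for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    ctype = ""
    for name, value in headers.items():
        if name.lower() == "cookie":
            found += [("cookie", key) for key in SimpleCookie(value)]
        else:
            found.append(("header", name))
        if name.lower() == "content-type":
            ctype = value.lower()
    if "json" in ctype:
        found += [("json", path) for path in _json_leaves(json.loads(body))]
    elif "xml" in ctype:
        # Fine for a constructed sample; use a hardened parser for untrusted XML.
        for el in ET.fromstring(body).iter():
            if len(el) == 0 and (el.text or "").strip():
                found.append(("xml", el.tag.rsplit("}", 1)[-1]))
    elif body:
        found += [("form", k) for k, _ in parse_qsl(body, keep_blank_values=True)]
    return found


if __name__ == "__main__":
    # Constructed request combining the page's query, cookie and JSON layouts.
    hdrs = {"Cookie": "target=1; param=value", "Content-Type": "application/json"}
    url = "http://localhost:8080/path/endpoint?target=1&param=value"
    print(input_surface(url, hdrs, '{"target": "1", "param": "value"}'))
```

The SOAP case needs namespace declarations on the envelope, which the page's abbreviated sample omits.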
Previous topic: SQL Engine, Next topic: Preferences