SQL Injection on Base64 Encoded String Parameters

This article is a guide to performing SQL Injection on Base64-encoded URL parameters. These parameters are encoded so as to make the site injection-proof, but that is a big myth. Recently I came across URLs of this kind: “www.somesite.com/index.php?pid=VkRGRk9WQlJQVDA9”. The pid here is “VkRGRk9WQlJQVDA9”. It is nothing but a 4-times-encoded base64 string,

SQL Injection part 3: Identifying String Data or Numeric Data

This is my third post on SQL Injection. The first post, SQL Injection part 1, was just a basic one to check whether an SQL vulnerability exists on a certain website, and SQL Injection part 2 shows how to exploit the SQL vulnerability. We inject SQL in three parameters, namely: String Data, Numeric Data, Query structure. In

SQL Injection Part 2

In this article we will be looking at SQL Injection and how we can exploit different types of SQL vulnerabilities present on a website. SQL Injection is one of the most dangerous ways to get into a site and ruin it totally! The database contains all the precious information. It consists of records of credit cards, names with address or