-
SQL Injection on Base64 Encoded String Parameters
This article is a guide to perform SQL Injection on the Base64 encoded Url parameters. These parameters are encoded so as to make the site injection proof but that is a big myth. Recently I came across “www.somesite.com/index.php?pid=VkRGRk9WQlJQVDA9″ this kind of URLs. The pid here, “VkRGRk9WQlJQVDA9“. It is nothing but 4 times encoded base64 string,…
-
Time based Blind SQL Injection on MySQL: How to do manually
This article will guide you on how to perform time based SQL Injection on MySQL database. The last article was about Boolean based Blind SQL inection. Application that has been used here for performing attack is Bwapp vulnerable web application. How to know when you need to test for Time based Blind SQL Injection? While…
-
Blind SQL Injection: Introduction
SQL injection is one of the most deadliest attack in the world of Internet. It tops the OWASP top 10. I have already written about the Basic SQL Injection attack. If you haven’t seen those articles, here is the link: http://www.anonhack.in/2015/09/sql-injection-part-1/ http://www.anonhack.in/2016/01/sql-injection-the-guide/ http://www.anonhack.in/2017/06/sql-injection-part-3-identifying-string-or-numeric/ http://www.anonhack.in/2018/04/sql-injection-part-4getting-admin-password/ The above links are the guides to do Error based Reflective…