The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

You can use the Recursive Grep payload type in Burp Intruder to

Download 5,76 Mb.

Pdf ko'rish

bet	477/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 473 474 475 476 477 478 479 480 ... 875

Bog'liq
3794 1008 4334

You then need to set a single payload position to insert each captured string at the appropriate point in your injected query, and set the initial payload to

You can use the Recursive Grep payload type in Burp Intruder to

automate this attack. To do this, you need to configure the Extract Grep

function to use the following trigger to capture the string data returned in the

error message:

varchar value ‘

You then need to set a single payload position to insert each captured string at

the appropriate point in your injected query, and set the initial payload to

a

.

The captured values will be displayed in a column of the results table, and you

should let the attack continue until no further items are returned.

266

Chapter 9

■

Injecting Code

70779c09.qxd:WileyRed 9/14/07 3:13 PM Page 266

Bypassing Filters

In some situations, an application that is vulnerable to SQL injection may

implement various input filters that prevent you from exploiting the flaw

without restrictions. For example, the application may remove or sanitize cer-

tain characters, or may block common SQL keywords. Filters of this kind are

often vulnerable to bypasses, and there are numerous tricks that you should

try in this situation.

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 473 474 475 476 477 478 479 480 ... 875