From the course: Penetration Testing Web Apps with Kali and Burp Suite
Injecting SQL using Burp Suite
- [Instructor] Burp Suite is a powerful tool, and we can use it directly to run an SQL injection attack. Let's take a look at the Hack the Box Europa server, which we believe may have an SQL injection vulnerability. Our preliminary enumeration has identified that this server has a named admin portal called admin-portal.europacorp.htb. Let's set that up in our hosts file: sudo nano /etc/hosts. And we'll set up 10.10.10.22 as admin-portal.europacorp.htb. Okay, let's start at Burp Suite. And we'll go to Proxy, turn off Intercept, and open the browser. And we'll go to https://admin-portal.europacorp.htb. We've now got an admin portal login, which it would appear is still under construction. Let's send in a request with a correctly formatted email address and then check the message exchanges in Burp Suite. admin@europacorp.htb. And we'll put a password in of password. Okay. We can see we've received the login page GET…