SQL Injection - Stored (XML) - Low Security Level
Solution:
*Note: I am using the BurpSuite pre-configured browser. If you are not using the pre-configured browser, please configure your browser with the proxy and then follow the steps below.
Step 1. Click on the Any bugs? button and intercept the request through BurpSuite.
Step 2. Right-click and send the request to the Repeater tab.
Step 3. Click on Send and check the response.
Step 4. Add ' as shown in the video, click on Send and check the response.
Check the error, or click on Render and the output will be displayed.
Step 5. Add the payload as shown in the video
+(select 0 from users)+ and click on send and check the output
Step 6. You can test the same lesson with another payload. Follow the steps as shown in the video:
a. Click on Proxy.
b. Right-click and send the request to the Repeater page.
c. Remove the highlighted text as shown in the video and add the payload below.
Payload:
Note: As angle brackets aren't allowed in the YouTube description, they are replaced with ( ) here; kindly roll ( ) back to angle brackets.
(?xml version="1.0" encoding="UTF-8" ?)
(!DOCTYPE copyright [(!ENTITY test SYSTEM "file:///etc//passwd")])
(rest)
(login)&test;(/login)
(secret)login(/secret)
(/rest)
d. Click on the Send button.
Explore the lesson with other payloads.
PseudoTime
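As an added example (not part of the original walkthrough or of the application it tests), this sketch shows server-side handling under which both tests above stop working: the quote and subquery from Steps 4 and 5 are bound as data, and the DOCTYPE from Step 6 is refused before any entity is declared. The `users` column names, the `alice` row, the sample bodies and all helper names are assumptions made for the example.

```python
import sqlite3
from xml.parsers import expat

# Constructed request bodies built from the strings used in Steps 4-6.
QUOTED = b"<rest><login>alice</login><secret>'+(select 0 from users)+'</secret></rest>"
WITH_DTD = (b'<?xml version="1.0" encoding="UTF-8" ?>'
            b'<!DOCTYPE copyright [<!ENTITY test SYSTEM "file:///etc//passwd">]>'
            b"<rest><login>&test;</login><secret>login</secret></rest>")

class RejectedXML(ValueError):
    """Request body carries a DTD, is malformed, or lacks required fields."""

def parse_flat_xml(body: bytes) -> dict:
    """Return {child_tag: text} for a one-level document; refuse any DOCTYPE."""
    fields, path = {}, []
    def forbid_dtd(*_args):
        raise RejectedXML("DOCTYPE and entity declarations are not accepted")
    def start(tag, _attrs):
        path.append(tag)
        if len(path) == 2:          # direct child of the root element
            fields[tag] = ""
    def chars(data):
        if len(path) == 2:
            fields[path[-1]] += data
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = forbid_dtd   # fires before any entity is declared
    parser.StartElementHandler = start
    parser.EndElementHandler = lambda _tag: path.pop()
    parser.CharacterDataHandler = chars
    try:
        parser.Parse(body, True)
    except expat.ExpatError as exc:
        raise RejectedXML(f"malformed XML: {exc}") from exc
    return fields

def update_secret(db: sqlite3.Connection, body: bytes) -> int:
    """Apply the update with bound parameters; return the number of rows changed."""
    fields = parse_flat_xml(body)
    login, secret = fields.get("login"), fields.get("secret")
    if not login or secret is None:
        raise RejectedXML("login and secret elements are required")
    cur = db.execute("UPDATE users SET secret = ? WHERE login = ?", (secret, login))
    db.commit()
    return cur.rowcount

def demo_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")  # constructed table; column names are assumptions
    db.executescript("CREATE TABLE users (login TEXT PRIMARY KEY, secret TEXT);"
                     "INSERT INTO users VALUES ('alice', 'initial');")
    return db
```

With these handlers the quoted string is stored verbatim as the secret, and a body that declares a DOCTYPE raises `RejectedXML` without touching the database.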