Sunday 30 October 2011

Howto: Basic Step Of SQL Injections

Each step has two parts: the first is the request made by the attacker, and the second is the query string that target.com uses to get the data from the database. In the second part, the text supplied by the attacker is highlighted.

1. Find the vulnerable parameter by sending any special character, such as ' or "
Request
target.com/users.php?userid='

Query String
select name, nickname from users where
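
Why a lone quote in step 1 exposes the flaw, and what closes it, as an added example that is not code from the original post. It assumes a users table with a userid column and uses Python with an in-memory SQLite database in place of target.com's PHP and database; the function names are hypothetical.

```python
import sqlite3


def make_db():
    # Constructed sample data; the schema (including the userid column) is an assumption.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, name TEXT, nickname TEXT)")
    db.execute("INSERT INTO users VALUES ('1', 'Alice Example', 'al')")
    return db


def lookup_concatenated(db, userid):
    """Vulnerable pattern: the request parameter is pasted into the SQL text."""
    query = "select name, nickname from users where userid = '" + userid + "'"
    try:
        return "ok", db.execute(query).fetchall()
    except sqlite3.Error as exc:
        # The stray quote reached the SQL parser and unbalanced the string literal.
        # An error here for input "'" is the sign that input is parsed as SQL.
        return "sql_error", str(exc)


def lookup_parameterized(db, userid):
    """Hardened pattern: the value is bound as data and never parsed as SQL."""
    query = "select name, nickname from users where userid = ?"
    try:
        return "ok", db.execute(query, (userid,)).fetchall()
    except sqlite3.Error as exc:
        return "sql_error", str(exc)


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "'"):
        print("input", repr(value))
        print("  concatenated :", lookup_concatenated(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
```

Showing a generic error page instead of the database message hides the visible signal, but only the bound parameter removes the flaw.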
