Tagged: 

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #44283
    AvatarAkabueze
    Participant

    1. During discovering SQL injections in GET, how do I generate the link where I insert order by, must I login first? Because when Zaid what teaching this, the link was different until he logs in.
    2. I also want to know if all SQL attacks must be performed on MyPHPAdmin login page, or if it can be performed on customer/visitors login page.
    3. I also noticed that after scanning with dirb, some links like PhpMyAdmin is not working.. when I try to open the link on browser, the link will try to open the homepage of the main website itself instead of a phpMyAdmin login page.
    4. All the php websites I’ve come across does not have links with ? I’d=1 on their forms page

    #44331
    diegodiego
    Moderator

    Hi!
    1. Which lecture are you on? Can you specify?
    2. The injections can be done in any page as long as the user can enter any data, this will also depend on how the site is coded and if it’s vulnerable to the attacks.
    3. Which site are you scanning? Almost any good developer will prevent the access to phpmyadmin page.
    4. Which sites? Remember you can’t run any of the attacks against sites you don’t have permission to.

    Let me know.
    Diego

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.