- This topic has 1 reply, 2 voices, and was last updated 4 years, 1 month ago by .
- You must be logged in to reply to this topic.
Tagged: Web attack
1. During discovering SQL injections in GET, how do I generate the link where I insert order by, must I login first? Because when Zaid what teaching this, the link was different until he logs in.
2. I also want to know if all SQL attacks must be performed on MyPHPAdmin login page, or if it can be performed on customer/visitors login page.
3. I also noticed that after scanning with dirb, some links like PhpMyAdmin is not working.. when I try to open the link on browser, the link will try to open the homepage of the main website itself instead of a phpMyAdmin login page.
4. All the php websites I’ve come across does not have links with ? I’d=1 on their forms page
Hi!
1. Which lecture are you on? Can you specify?
2. The injections can be done in any page as long as the user can enter any data, this will also depend on how the site is coded and if it’s vulnerable to the attacks.
3. Which site are you scanning? Almost any good developer will prevent the access to phpmyadmin page.
4. Which sites? Remember you can’t run any of the attacks against sites you don’t have permission to.
Let me know.
Diego
Not a member yet? Register now
Are you a member? Login now
Enroll in this course to access this lesson!
All of our courses include:
✔ Lifetime, unlimited access to course materials & training videos.
✔ Verifiable certificate of completion from zSecurity, signed by the course instructor, Zaid.
✔ Get answers from our Support Team within a maximum of 15 hours.
✔ Unlimited Updates.
Get free 1 month VIP membership per course with:
✔ Live mentorship and Q&A session with the course instructor, Zaid.
✔ Instant support from community members through our private discord channel.
✔ Daily updates with the latest tutorials & news in the hacking world.
✔ Daily resources like CTFs, bug bounty programs, onion services and more!
✔ Access our VIP community & connect with like-minded people.
✔ Discounts on other zSecurity products and services.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
This website uses Google Analytics and Linkedin to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookies enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!