1. While discovering SQL injections in GET, how do I generate the link where I insert order by? Must I log in first? Because when Zaid was teaching this, the link was different until he logged in.
2. I also want to know if all SQL attacks must be performed on the phpMyAdmin login page, or if they can be performed on a customer/visitor login page.
3. I also noticed that after scanning with dirb, some links like phpMyAdmin are not working. When I try to open the link in the browser, it tries to open the homepage of the main website itself instead of a phpMyAdmin login page.
4. All the PHP websites I’ve come across do not have links with ?id=1 on their forms page.
1. Which lecture are you on? Can you specify?
2. The injections can be done on any page as long as the user can enter any data. This will also depend on how the site is coded and if it’s vulnerable to the attacks.
3. Which site are you scanning? Almost any good developer will prevent access to the phpMyAdmin page.
4. Which sites? Remember you can’t run any of the attacks against sites you don’t have permission to.
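An added example, not part of the original thread or the course material: it illustrates the point in answer 2 that what matters is how the page builds its query, not whether the input arrives through a GET parameter or a login form. The table names, function names and sample rows are constructed for this sketch, and SQLite stands in for the site's database.

```python
import sqlite3

def make_db():
    # Constructed sample data; plaintext passwords only to keep the sketch short.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES (1, 'kettle'), (2, 'toaster'), (3, 'lamp');
        INSERT INTO users VALUES ('alice', 's3cret'), ('bob', 'hunter2');
    """)
    return db

# Entry point A: a GET parameter such as ?id=1 (hypothetical product page).
def product_concat(db, id_param):
    # Vulnerable coding: the parameter text becomes part of the SQL statement.
    return db.execute("SELECT name FROM products WHERE id = " + id_param).fetchall()

def product_bound(db, id_param):
    # Hardened coding: enforce the expected type, then bind the value.
    try:
        wanted = int(id_param)
    except ValueError:
        return []
    return db.execute("SELECT name FROM products WHERE id = ?", (wanted,)).fetchall()

# Entry point B: a visitor login form (hypothetical).
def login_concat(db, user, pw):
    # Vulnerable coding: quotes typed by the user can close the string literal.
    q = "SELECT username FROM users WHERE username = '%s' AND password = '%s'" % (user, pw)
    return db.execute(q).fetchall()

def login_bound(db, user, pw):
    # Hardened coding: both fields are bound, so they are only ever compared as data.
    q = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(q, (user, pw)).fetchall()

def audit(db):
    # Row counts for the same unexpected input under each coding style.
    return {
        "get_concat": len(product_concat(db, "1 OR 1=1")),
        "get_bound": len(product_bound(db, "1 OR 1=1")),
        "login_concat": len(login_concat(db, "alice' --", "x")),
        "login_bound": len(login_bound(db, "alice' --", "x")),
    }

if __name__ == "__main__":
    print(audit(make_db()))
```

Both entry points behave the same way: the concatenating versions let the input change the query, while the bound versions return nothing for the same input.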