Exploiting Double Query SQL Injections
www.adversify.co.uk/exploiting-double-query-sql-injections/
1 Users
0 Comments
1 Highlights
0 Notes
Tags
Top Highlights
We discover an SQL Injection vulnerability, however, the web application isn’t returning any data back on the page which means extraction via UNION SELECT can’t be used. Whilst no data is returned, we do notice that the web application is returning SQL Error Messages back to the user. This means we can utilise a technique called Double query Injection.
Ready to highlight and find good content?
Glasp is a social web highlighter that people can highlight and organize quotes and thoughts from the web, and access other like-minded people’s learning.