POST Injection
When a web page submits its data through POST, the injection point is in the POST data packet
Recommended tool: Burp
Burp is a proxy for intercepting, modifying, and replaying data packets between browsers and related applications
Prerequisite: A Java runtime environment is required to run Burp
Install JDK 1.8 and configure the environment variables
Run: java -jar burp-loader-keygen-2.jar
Click Run to start the installation: copy the license into the pop-up box, copy the contents of the request to produce the response, copy the response, and click Next
Burp browser configuration: a proxy needs to be configured for the browser, either manually or through a browser plug-in. FoxyProxy is recommended
Successful installation
Install the security certificate. For details, see www.cnblogs.com/aq-ry/p/933…
What is error-based injection? It makes the database show the data we want in the form of a database error message
Functions used:
extractvalue(): a function used to query XML documents. Example: select extractvalue(1,0xfa)
concat(): concatenates multiple strings into one string. Syntax: concat(str1,str2). Example: select concat('~',(select database()))
‘a and nd ExtractValue (1,concat(0x7e,(seselectlect admin_name FR from om bess_admin),0x7e)– AD)’
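On the defensive side, the error-based pattern described above can be flagged in POST bodies before they reach the database. The following is an added example, not code from the original page: a small scanner for form-encoded POST bodies that reports calls to MySQL XML functions, with the function names, regexes and sample requests all constructed here for illustration (updatexml is included as an assumption because it leaks data through the same kind of XPath error).

```python
import re
from urllib.parse import parse_qsl

# MySQL XML functions whose XPath errors echo attacker-chosen data back.
XML_FUNCS = re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I)
# A concat() or subquery inside the call is what turns the error message
# into a data channel.
NESTED = re.compile(r"\bconcat\s*\(|\(\s*select\b", re.I)
# Inline comments are sometimes used to separate a function name from "(".
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)


def normalize(value):
    """Replace inline comments with a space, collapse whitespace, lowercase."""
    value = INLINE_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).lower()


def scan_post_body(body):
    """Return (parameter, reason) pairs for suspicious form fields.

    body is an application/x-www-form-urlencoded POST body; parse_qsl
    URL-decodes every value, so encoded input is checked as well.
    """
    findings = []
    for name, raw in parse_qsl(body, keep_blank_values=True):
        value = normalize(raw)
        if XML_FUNCS.search(value):
            reason = "xml-function call"
            if NESTED.search(value):
                reason = "xml-function call wrapping concat/subquery"
            findings.append((name, reason))
    return findings


# Constructed sample requests (not captured traffic).
SAMPLES = [
    "user=alice&password=correct+horse",
    "user=admin%27+and+extractvalue(1%2Cconcat(0x7e%2C(select+database())))--+&password=x",
    "user=bob&note=ExtractValue+%28doc%2C+%27%2Fa%27%29",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(scan_post_body(body) or "clean", "<-", body)
```

A scanner like this only raises alerts; the fix for the injection itself is to bind POST values as query parameters and to stop returning database error text to the client.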