mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 11:35:51 +00:00
copilot-swe-agent[bot]
ba72efbc5e
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
18 lines
658 B
Markdown
18 lines
658 B
Markdown
# SQL Injection
|
|
|
|
## Description
|
|
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. This can allow an attacker to view, modify, or delete data that they are not normally able to retrieve.
|
|
|
|
## Common Attack Vectors
|
|
- Login forms
|
|
- Search fields
|
|
- URL parameters
|
|
- HTTP headers
|
|
- Cookie values
|
|
|
|
## Testing Approach
|
|
Submit malicious SQL syntax in input fields and observe application behavior, error messages, and response times to identify SQL injection vulnerabilities.
|
|
|
|
## Payloads
|
|
See `sql-injection-payloads.txt` for a comprehensive list of SQL injection payloads.
|