Listen to this Post
👉 This is what I worked on today:
✅ SQL Injection – Blind Part 1
✅ SQL Injection – Blind Part 2
✅ SQL Injection – Challenge Walkthrough
💡 I’m really starting to like Alex’s methodology as he is testing web applications. His examples of SQLi queries he would use on a real engagement are priceless! I’m also getting more work with using Burp Suite to test the applications. A little different than ZAP, but good to know both!
🎆 Next up, XSS! 👨💻 😈
You Should Know:
SQL Injection Commands and Examples
1. Basic SQL Injection Payload:
' OR '1'='1
This payload can be used to bypass login forms by exploiting weak input validation.
2. Blind SQL Injection (Time-Based):
'; IF (1=1) WAITFOR DELAY '0:0:5'--
This command delays the response by 5 seconds if the condition is true, helping to identify blind SQLi vulnerabilities.
3. Extracting Database Information:
' UNION SELECT null, version(), null--
This query retrieves the database version, which can be useful for further exploitation.
4. Using Burp Suite for SQLi Testing:
- Intercept the request using Burp Suite.
- Send the request to the Repeater tool.
- Modify the parameters to include SQLi payloads and observe the response.
5. ZAP (OWASP ZAP) for Web App Testing:
- Use the Active Scan feature to automatically detect SQLi vulnerabilities.
- Manually test inputs using the ZAP HUD (Heads-Up Display).
Cross-Site Scripting (XSS) Basics
1. Reflected XSS Payload:
<script>alert('XSS')</script>
This payload can be injected into input fields to test for reflected XSS vulnerabilities.
2. Stored XSS Payload:
<img src="x" onerror="alert('Stored XSS')">
This payload is used to test for stored XSS vulnerabilities in web applications.
3. DOM-Based XSS Example:
document.write('<img src="x" onerror="alert(\'DOM XSS\')">');
This script manipulates the DOM to execute malicious code.
What Undercode Say:
SQL Injection and Cross-Site Scripting (XSS) are critical vulnerabilities that every penetration tester and cybersecurity analyst must master. Tools like Burp Suite and OWASP ZAP are indispensable for identifying and exploiting these vulnerabilities. Here are some additional Linux and Windows commands to enhance your cybersecurity toolkit:
Linux Commands:
1. Nmap for Network Scanning:
nmap -sV -p 80,443 target.com
This command scans for open ports and service versions on a target.
2. Netcat for Port Forwarding:
nc -lvp 4444
This command sets up a listener on port 4444 for reverse shells.
3. Search for Sensitive Files:
find / -name "*.sql" -type f
This command searches for SQL files on a Linux system.
Windows Commands:
1. Check Open Ports:
netstat -an
This command lists all open ports and connections.
2. Ping Sweep:
for /L %i in (1,1,255) do ping -n 1 192.168.1.%i | find "Reply"
This command performs a ping sweep on a subnet.
3. Extract Windows Password Hashes:
reg save HKLM\SAM sam.save reg save HKLM\SYSTEM system.save
These commands save the SAM and SYSTEM files for offline password hash extraction.
For further reading on SQL Injection and XSS, check out these resources:
– OWASP SQL Injection Guide
– XSS Prevention Cheat Sheet
Keep practicing and stay curious! 😈
References:
Reported By: Todd Mattran – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅



