Post Parameter SQL Injection With Live HTTP Header

Hello everyone. In this session I will show you POST parameter SQL injection with Live HTTP Headers, so read carefully. For this injection you will need a Firefox add-on called Live HTTP Headers.

Be patient while reading 😉

Code:
index.php?detailrecid=4
or
index.php?maincat_id=1&subcat_id=17
When we add a single quote ' to test for a vulnerability, the web content changes: we get an empty page or a MySQL error. Usually this is a good sign and indicates an SQLi vulnerability. But in this tutorial we will not follow the usual procedure of finding the column count with order by/group by on those links.

 

So let's go to the music page shown below (red ellipse in the picture below).

Code:

index.php?maincat_id=1

There are many songs, and three buttons (links) for every song (red square in the picture below).

When we hover the mouse over the first button in the red square (Licence), we get a hint in the lower left corner of Firefox showing the URL we will visit if we click on it.

Code:

www.<our_site_in_challenge>.com/license.php

The same is true if we hover the mouse over the third button (Demo).

Code:

www.<our_site_in_challenge>.com/demos/music/jacosm/ambience-deluxe.mp3

BUT if we hover the mouse over the second button in the red square in the picture above (Download), we don't get that hint any more. We don't see the URL that would be visited if we clicked on that button (as we do with the other two buttons).

Why does this happen?

We all know that the HTTP protocol (per the HTTP/1.1 specification) supports different request methods: GET, POST, HEAD, OPTIONS, PUT, DELETE, TRACE and CONNECT. Most of the time we are using GET and POST requests. Our assumption is that the Download button sends a POST request, whose parameters travel in the request body rather than in the URL, so there is no URL hint to show.

OK, now start Live HTTP Headers and you will get a dialog.

Make sure that the Capture check box is checked, and if there are already some HTTP headers in the dialog, click the Clear button so that we start from an empty state.

After clicking the Download button, the Live HTTP Headers dialog changes, as it has captured the request sent to the server. It will look like this:

From the picture above we can see in the first red square that it really was a POST request, as we assumed. From the second red square we can see which parameters were sent to the server.

We couldn't see them until we intercepted them with Live HTTP Headers (or read them from the web page's HTML source code). BTW, the Capture check box (red ellipse in the picture above) can be unchecked now, as we don't want to capture further requests.

Let's click on the first line in Live HTTP Headers above the POST section data (http://www.<our_site_in_challenge>.com/index.php) and then on the Replay button in the lower left corner of the dialog (picture above).

We get a new dialog:

Look at the POST Content section of the dialog (red ellipse in the picture above). These are the parameters we can modify.
Now we can use our usual SQLi strategies to test for the vulnerability, find the column count and prepare our command to inject. In the ellipse (picture above) we can see that I already added ' after the recid parameter. When I click the Replay button (lower right corner of the dialog), our modified command is sent to the server, and in Firefox we can follow the result:

So the recipe from this point on is easy: modify the command in the red ellipse further to prepare your SQLi command. After each modification, just press the Replay button again to send it to the server. BTW, the site in this challenge can be injected with union select based or error based SQLi.
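Seen from the server side, the quote test above only produces an error when the POST body value is concatenated into the SQL text. The following is an added example, not code from the original tutorial or the challenge site: it uses Python's sqlite3 in place of the site's PHP/MySQL, and the `songs` table, its columns, the `action` parameter and all function names are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    # Constructed sample data standing in for the site's song table (assumed schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE songs (recid INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO songs VALUES (?, ?)",
                   [(4, "ambience-deluxe"), (5, "second-track")])
    return db

def post_param(body, name):
    # POST parameters travel in the request body, encoded like a GET query string.
    return parse_qs(body, keep_blank_values=True).get(name, [""])[0]

def lookup_vulnerable(db, body):
    # Deliberately vulnerable: the body value becomes part of the SQL text.
    recid = post_param(body, "recid")
    return db.execute("SELECT title FROM songs WHERE recid = " + recid).fetchall()

def lookup_hardened(db, body):
    # Validate the type first, then bind the value so it can never become SQL syntax.
    recid = post_param(body, "recid")
    if not (recid.isascii() and recid.isdigit()):
        return None  # reject; the caller should answer 400 and log the request
    return db.execute("SELECT title FROM songs WHERE recid = ?",
                      (int(recid),)).fetchall()

def quote_test(db, lookup):
    # Same request as a normal download, with a single quote appended to recid.
    try:
        result = lookup(db, "recid=4'&action=download")  # 'action' is an assumed field
    except sqlite3.OperationalError as exc:
        return "sql-error: " + str(exc)
    return "rejected" if result is None else "rows: %r" % (result,)

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "recid=4&action=download"))  # normal request
    print(quote_test(db, lookup_vulnerable))   # database error reaches the handler
    print(quote_test(db, lookup_hardened))     # input rejected before any query runs
```

Hiding the parameters in a POST body changes nothing about the fix: the handler has to validate and bind the value exactly as it would for a GET parameter.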

I think you enjoyed this Post Parameter SQL Injection tutorial. Keep practising and learning.

Author: Ahmed Raza Memon

I am a 17-year-old Ethical Hacker, Penetration Tester, Web Security Expert and Exploit Writer from India. My area of expertise includes Ethical Hacking, Vulnerability Assessment, Information Security Audits, Penetration Testing, Exploit Writing, Web Application Security, Source Code Reviews, Forensic Investigation and Cyber Law. I have been acknowledged by many top companies like Microsoft, Apple, SAP, AOL, Sony and many more...
