Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Bypassing Host Header to SQL injection to dumping Database -- An unusual case of SQL injection
Avinash JainPosted 6 Years Ago- While looking at the X-Forwarded-To header for a white/blacklist, the author noticed that it was being processed in someway. After adding some other inputs to the header, an SQL error occurred.
- By using a time-based attack, data from the database was taken.
- Takeaways:
- Headers are a valid place to look for vulnerabilities, particularly how they are being processed.
- Understand what normal is. If something is not normal, then evaluate it for a potential vulnerability.
