• XSS.stack #1 – первый литературный журнал от юзеров форума

Recon for SQL injection

Отслеживать

jadugar

floppy-диск
Пользователь
Регистрация
01.06.2025
Сообщения
9
Реакции
0
Депозит
6 Ł
Hi Friends,

From Last few week, I have been hunting SQL injection in VDP , BBP on Hackerone, but I think, I am lacking some tricks .

I want to ask you guys how you guys do recon and mainly on what criteria do you guys filter the requests from recon results for testing for SQL injections.

Also i have heard there are hidden parameters in requests which might get skipped while doing recon. what is general approach to find those hidden parameters in requests?
i have heard fuzzing is was to find those hidden parameter but as i am starting i dont have good wordlist or please share if there is any better method?

Please share
 
Последнее редактирование:
если скриптом то вот словари норм:
github.com

GitHub - fuzzdb-project/fuzzdb: Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. - fuzzdb-project/fuzzdb
github.com
github.com

GitHub - danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patter

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, ...
github.com
или
юзай burp с repeater/intruder и дополнения Param Miner, GAP
 
Я не особо профи в пентесте, но скажу так: весь веб пентест - это фаззинг. Если брать конкретно рекон, то тут это как мне кажется чуть другая тема. Ты изучаешь домен, поддомены, инфру и тд.
Потом ищешь цвехи. Если стоит конкретно цель искать ошибки в коде, то это нужен тебе burpsuite или fuzz. Смотри какие куда параметры передаются, фаззишь\брутишь и будет тебе результат.
Тут - https://github.com/danielmiessler/SecLists/ сможешь найти под все вулны параметры.
 
mil0 сказал(а):
если скриптом то вот словари норм:
github.com

GitHub - fuzzdb-project/fuzzdb: Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. - fuzzdb-project/fuzzdb
github.com
github.com

GitHub - danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patter

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, ...
github.com
или
юзай burp с repeater/intruder и дополнения Param Miner, GAP
Согласен,опять же просто вечная работа с Burp и поиском каких либо поинтов.И дальше идёт фазинг.....фазинг....и ещё раз фазинг
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх