SOP is browser security model, and I find lot of folks out there, who still dont understand it in and out.
Let me cover it here, in few threads.
Let's Start.
It is a browser security model π₯. Now what does that means ?
It simply means this control is enforced by browser to make user visiting a site more secure from attackers.
Browser creates virtual boundaries to segregate sites and this boundary is identified with ORIGINS.
ORIGIN is combination of Protocol + WebAddress + Port
This is SQLi. easy to guess. Which field is vulnerable : username.
But the tricky part is how to exploit it.
If you disect the code, you would notice that SQL statement should always return one single word. Otherwise comparison will anyway fail in PHP code.
What next ?
What do you think will happen if I input :
" or 1=1;--
Think first !!
.
.
.
.
.
.
This will make SQL return entire password column.
Inturn, PHP check will fail at line #2.
So, you have to make SQL statement return 1 single word, and that should be password which u can match.
Header
β
Summary
β
Work Exp
β
A Section for Books, Patents, Blogs, OSS, Certs Etc
β
Your Skill relevant to job you are applying.
β
Awards & Recognition
β
Educational Qualifications (Last thing I care for)
β
Who are you out of work.
πͺHeader Section. Keep it short, keep it clear. This is a hook.
Few things to put in header section (Good to have links).
1β£ Links to Certifications.
2β£ Public profiles: github, dev, medium, twitter, linkedin etc
3β£ Info : How to reach you back.
4β£ Your current role title
1/n Using: CE so that everyone can explore.
Intruder in CE is limited in multithreading, Turbo-Intruder can overcome that.
- Install through Extender
- Send req to the plugin.
2/n Once you send req to the plugin, a python editor will open. This will show a couple of existing python scripts to take reference from and to use.