When it comes to SQLi, a SQLi polyglot is a payload that works in both the ' (single quote) and " (double quote) string contexts.
E.g.
SLEEP(1) /*' or SLEEP(1) or'" or SLEEP(1) or "*/
will execute in both contexts.
How?
Let's see next.
MYSQL_QUERY = "SELECT * FROM users WHERE username = '<input>'" ;
would turn into
MYSQL_QUERY = "SELECT * FROM users WHERE username = 'SLEEP(1) /*' or SLEEP(1) or'" or SLEEP(1) or "*/'";
Observe carefully: the quotes still balance, so the payload is happy (the query parses and the first SLEEP(1) outside the string literals runs).
Let's turn the context around.
MYSQL_QUERY = 'SELECT * FROM users WHERE username = "<input>"' ;
And add the polyglot.
MYSQL_QUERY = 'SELECT * FROM users WHERE username = "SLEEP(1) /*' or SLEEP(1) or'" or SLEEP(1) or "*/"';
The payload is happy again: this time the first string literal swallows everything up to the embedded " and the trailing "*/" closes cleanly.
So the same SQLi payload worked under both the ' and " contexts.
So no matter which quote style the backend query is using, you have an advantage.
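As an added defender-side example (not code from the thread), the script below replays the single-quote context above against an in-memory SQLite database, with a recording stand-in for MySQL's SLEEP() so nothing actually sleeps, and then runs the same lookup with a bound parameter to show the polyglot is treated as a plain username. The users table, its two rows and the SLEEP stub are constructed for the demo.

```python
import sqlite3

# The polyglot from the thread, as a Python string literal.
POLYGLOT = "SLEEP(1) /*' or SLEEP(1) or'\" or SLEEP(1) or \"*/"

sleep_calls = []  # every call to the stand-in SLEEP() lands here


def fake_sleep(seconds):
    """Stand-in for MySQL's SLEEP(): records the call instead of sleeping."""
    sleep_calls.append(seconds)
    return 0  # MySQL's SLEEP() also returns 0 on normal completion


def make_db():
    """In-memory SQLite DB with a constructed users table and the SLEEP() stub."""
    db = sqlite3.connect(":memory:")
    db.create_function("SLEEP", 1, fake_sleep)
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "pw1"), ("bob", "pw2")])
    return db


def build_query(template, user_input):
    """String concatenation as in the thread: quotes in the input become live SQL."""
    return template.replace("<input>", user_input)


def vulnerable_lookup(db, username):
    """Runs the single-quote-context query exactly as the vulnerable app would."""
    sql = build_query("SELECT * FROM users WHERE username = '<input>'", username)
    return db.execute(sql).fetchall()


def safe_lookup(db, username):
    """Hardened form: the input is bound as a parameter and never parsed as SQL."""
    return db.execute("SELECT * FROM users WHERE username = ?", (username,)).fetchall()


def demo():
    """Returns (SLEEP calls from the vulnerable query, calls from the safe one, safe rows)."""
    db = make_db()
    sleep_calls.clear()
    vulnerable_lookup(db, POLYGLOT)
    injected = len(sleep_calls)  # > 0: the payload was parsed as SQL and SLEEP() ran
    sleep_calls.clear()
    rows = safe_lookup(db, POLYGLOT)
    return injected, len(sleep_calls), rows


if __name__ == "__main__":
    injected, blocked, rows = demo()
    print("concatenated query: SLEEP() called", injected, "time(s)")
    print("parameterised query: SLEEP() called", blocked, "time(s), rows:", rows)
```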
If you like the thread, consider retweeting it out :)
Also I am running #Learn365 to share security bits, if you want to stay updated, consider following @sec_r0
This is SQLi, easy to guess. Which field is vulnerable? username.
But the tricky part is how to exploit it.
If you dissect the code, you will notice that the SQL statement should always return one single value; otherwise the comparison in the PHP code will fail anyway.
What next?
What do you think will happen if I input:
" or 1=1;--
Think first!!
.
.
.
.
.
.
This will make SQL return the entire password column.
In turn, the PHP check will fail at line #2.
So you have to make the SQL statement return one single value, and that should be the password which you can match.
SOP is the browser security model, and I find lots of folks out there who still don't understand it inside out.
Let me cover it here, in a few threads.
Let's start.
It is a browser security model. Now what does that mean?
It simply means this control is enforced by the browser to make a user visiting a site more secure from attackers.
The browser creates virtual boundaries to segregate sites, and each boundary is identified by an ORIGIN.
Header
↓
Summary
↓
Work Exp
↓
A section for Books, Patents, Blogs, OSS, Certs, etc.
↓
Your skills relevant to the job you are applying for
↓
Awards & Recognition
↓
Educational Qualifications (last thing I care for)
↓
Who you are outside of work
Header section. Keep it short, keep it clear. This is a hook.
A few things to put in the header section (good to have links):
1. Links to certifications.
2. Public profiles: GitHub, dev, Medium, Twitter, LinkedIn, etc.
3. Info: how to reach you back.
4. Your current role title.