Thousand Ways To Inject SQL
Does SQL injection sound outdated? It isn't. SQL injection is a very common vulnerability that has existed for a long time, and many people know how to do it. But not everyone out there knows where to find all the SQL-injectable holes. I'll point out some:
Cookie SQL Injection
Yeah, insert your SQL query through your cookie editor. This can be done if a web application uses a value from cookies without proper sanitizing. Example of vulnerable code:
<?php
// Vulnerable: the cookie value goes into the SQL string unescaped.
$preference = $_COOKIE['pre'];
$color = mysql_query("SELECT color FROM settings WHERE color = $preference");
?>
Unfiltered cookies will land you in trouble if you use the cookie string in a SQL command.
User-Agent SQL Injection
Some CMSs store their visitors' IPs, browsers, and user-agent information in their database. The problem is that the user-agent can be modified easily. Without proper sanitizing, SQL injection may occur via User-Agent spoofing too. The PoC is the same as for cookie SQL injection.
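The fix for both the cookie case and the User-Agent case above is the same: bind the header value as a query parameter instead of building the SQL string from it. The following is an added example, not code from the original post; the helper names, the visits table and the sample request values are constructed, and it uses PDO with an in-memory SQLite database (requires the pdo_sqlite extension) in place of MySQL so it runs offline.

```php
<?php
// Added example, not the original author's code. Table names, helper names
// and sample request values below are constructed for illustration.
$db = new PDO('sqlite::memory:');            // in-memory stand-in for MySQL
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE settings (color TEXT)');
$db->exec("INSERT INTO settings (color) VALUES ('blue'), ('green')");
$db->exec('CREATE TABLE visits (ip TEXT, user_agent TEXT)');

// Cookie value: its shape is known, so allow-list it, then bind it.
function lookupColor(PDO $db, string $cookieValue): ?string
{
    if (!preg_match('/\A[a-z]{1,20}\z/', $cookieValue)) {
        return null;                         // not a plain color name
    }
    $stmt = $db->prepare('SELECT color FROM settings WHERE color = :color');
    $stmt->execute([':color' => $cookieValue]);
    $color = $stmt->fetchColumn();
    return $color === false ? null : $color;
}

// User-Agent: free-form text, so it cannot be allow-listed. Cap its length
// and bind it, so the database treats it as data and never as SQL.
function logVisit(PDO $db, string $ip, string $userAgent): void
{
    $stmt = $db->prepare('INSERT INTO visits (ip, user_agent) VALUES (:ip, :ua)');
    $stmt->execute([':ip' => $ip, ':ua' => substr($userAgent, 0, 255)]);
}

// Constructed request data: both values contain a quote and SQL keywords.
$_COOKIE['pre'] = "blue' OR '1'='1";
$_SERVER['REMOTE_ADDR'] = '203.0.113.7';
$_SERVER['HTTP_USER_AGENT'] = "ExampleBrowser/1.0' OR '1'='1";

var_dump(lookupColor($db, $_COOKIE['pre']));  // fails the allow-list check
var_dump(lookupColor($db, 'blue'));           // a normal value still matches
logVisit($db, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT']);
// Show what was stored: the header text is kept verbatim as one column value.
var_dump($db->query('SELECT user_agent FROM visits')->fetchAll(PDO::FETCH_COLUMN));
```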
SQL Injection Via JS Injection
Some sites use JavaScript to post data. Thus, a JavaScript + SQL injection is not impossible.
If you have some more SQL injection techniques, you can share them here via comments.