Knowledge Base for Penetration Testing
Another form of session hijacking is to steal the session credential from a user’s browser and then use it to impersonate the user on a website. HTTP has no mechanism at the protocol level for tracking the state of a particular browser request. From the server’s perspective, every request it receives from the client is […]
Website enumeration involves discovering resources that the web server is using, as well as the underlying technology that the web server is running on. This information can help you choose more effective vectors to use in an attack, as well as exploit vulnerabilities in specific versions of web server software. You can use several tools […]
https://sqlmap.org/ Useful commands -u URL, –url=URL Target URL (e.g. “www.target.com/vuln.php?id=1”)–data=DATA Data string to be sent through POST-p TESTPARAMETER Testable parameter(s) README.pdf/usr/share/sqlmap/doc/README.pdf Example command to call sqlmap to scan a URL with the opening at the search parameter using a UNION based attack technique At the end of that command set some more properties […]
by 