How to test SQL Injection Attack in 2 minutes? - Software Testing

Empowering Technology

Post Top Ad

Responsive Ads Here

Mar 19, 2018

How to test SQL Injection Attack in 2 minutes?

It's high time Software testers are supposed to know about VAPT, XSS, and SQL Injection prevention tests. So basically how and where to start? The API's!
Grab any POST request, find any injection-prone key in request BODY and inject it with following in value:


For Example:

In case you have a login API request:
you can simply pass above SQL Injection in request Body JSON like:

"email": "if(now()%3dsysdate()%2csleep(15)%2c0)/*'XOR
"passsword": "123456"

In case e-mail field is vulnerable and prone to SQL Injection it will delay API response to 20 seconds. All you need to do is identify the key and inject above attack. 

No comments:

Post a Comment

Thanks a lot for your valuable Comment!

Post Bottom Ad

Responsive Ads Here