
Parameters

ron190 edited this page Jun 18, 2024 · 6 revisions

Several URL components may be exposed to an injection vulnerability, though input parameters such as the query string are the most common 🎯 targets.

The target parameter can be identified manually, depending on your security knowledge; however, 💉jSQL can also locate the vulnerability automatically.

Path

http://localhost:8080/path/🎯/suffix

Query

http://localhost:8080/path/endpoint?target=🎯&param=value

Request

POST http://localhost:8080/path/endpoint
body> target=🎯&param=value

Header

http://localhost:8080/path/endpoint
headers> Target: 🎯
Param: value

Cookie

http://localhost:8080/path/endpoint
headers> Cookie: target=🎯; param=value

JSON

http://localhost:8080/path/endpoint
body> {
  "target": "🎯",
  "param": "value"
}

SOAP

http://localhost:8080/path/endpoint
body> <soapenv:Envelope>
  <soapenv:Header/>
  <soapenv:Body>
    <gs:method>
      <gs:target>🎯</gs:target>
      <gs:param>value</gs:param>
    </gs:method>
  </soapenv:Body>
</soapenv:Envelope>
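The locations listed above, gathered into a review checklist: this added Python example (not part of jSQL or of this wiki) inventories every client-controlled value in a request so that each one can be confirmed to reach SQL only through bound parameters. The names `input_points` and `_flatten` and the sample request values are assumptions made for illustration.

```python
import json
import xml.etree.ElementTree as ET
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit

def _flatten(node, prefix=""):
    """Yield (dotted.path, scalar) pairs for nested JSON values."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _flatten(v, f"{prefix}.{k}" if prefix else k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from _flatten(v, f"{prefix}[{i}]")
    else:
        yield prefix, node

def input_points(url, headers=None, body=""):
    """Return (location, name, value) for every client-controlled value."""
    headers = headers or {}
    parts = urlsplit(url)
    # Path segments are inputs too when routes map them to query arguments.
    points = [("path", str(i), s)
              for i, s in enumerate(x for x in parts.path.split("/") if x)]
    points += [("query", k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    ctype = ""
    for name, value in headers.items():
        if name.lower() == "cookie":
            # A Cookie header carries several independent name=value inputs.
            points += [("cookie", k, m.value) for k, m in SimpleCookie(value).items()]
            continue
        points.append(("header", name, value))
        if name.lower() == "content-type":
            ctype = value.lower()
    if "json" in ctype:
        points += [("json", k, v) for k, v in _flatten(json.loads(body))]
    elif "xml" in ctype:
        # Stdlib parser keeps the example dependency-free; prefer defusedxml
        # when the XML comes from untrusted traffic.
        for el in ET.fromstring(body).iter():
            if len(el) == 0 and (el.text or "").strip():
                points.append(("xml", el.tag.split("}")[-1], el.text.strip()))
    elif body:
        points += [("form", k, v) for k, v in parse_qsl(body, keep_blank_values=True)]
    return points

if __name__ == "__main__":
    # Constructed sample request mirroring the layouts shown on this page.
    for p in input_points("http://localhost:8080/path/1/suffix?target=2&param=value",
                          {"Cookie": "target=3; param=value", "Target": "4"},
                          "target=5&param=value"):
        print(p)
```
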
