Authorization on the site
38 views
Skip to first unread message
jeffryc...@gmail.com
Nov 22, 2013, 4:27:52 AM11/22/13
to jsql-in...@googlegroups.com
hi tnx for soft
question.
Can i use jsql-injection to logging on site?
Injections appears only after login on site.
sorry for my english
ron190jSQL
Nov 23, 2013, 7:22:54 AM11/23/13
to jsql-in...@googlegroups.com
Say, you need to be logged into the site before accessing a vulnerable page, in other words use a session.
Generally when you are logged, a cookie is affected to your browsing session and it allows you to access other pages of the site.
In order to make jSQL inject a browsing session, you should first create the cookie session into your normal browser like Firefox and then retreive the cookie ID affected to that session with tools like Firebug (e.g PHPSESSID=eb9d471c8397f17558bb374d7720f19d). So, you can't avoid a real logging phase in a way.
Then in jSQL, you define the url and parameter for injection as usual, but also define the cookie you got previously into the jSQL cookie parameter (expand the parameters with blue arrow in the top right of the main window).
The injection process should therefore use your Firefox cookie and allows you to test other pages on the site.
Generally when you are logged, a cookie is affected to your browsing session and it allows you to access other pages of the site.
In order to make jSQL inject a browsing session, you should first create the cookie session into your normal browser like Firefox and then retreive the cookie ID affected to that session with tools like Firebug (e.g PHPSESSID=eb9d471c8397f17558bb374d7720f19d). So, you can't avoid a real logging phase in a way.
Then in jSQL, you define the url and parameter for injection as usual, but also define the cookie you got previously into the jSQL cookie parameter (expand the parameters with blue arrow in the top right of the main window).
The injection process should therefore use your Firefox cookie and allows you to test other pages on the site.
Reply all
Reply to author
Forward
0 new messages