da_667 on Nostr: I've been looking at the vulnerabilities listed in here as an example, and most URI ...
I've been looking at the vulnerabilities listed in here as an example, and most URI parameter SQL injections generally follow that assumption.
- there's a parameter, let's say for example parameter is "x"
- so we see "x=" in the URI, followed by some crazy SQL injection shit like:
x=1' UNION SELECT
Published at 2024-06-13 18:13:04
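A detection-side sketch of the pattern the post describes, added here as an example and not code from da_667: it pulls one named parameter out of a request line, URL-decodes it, and checks the value for a quote followed by UNION SELECT. The request lines, the helper names and the regex are constructed for illustration and cover only this one signature.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed request lines for illustration; none come from the post.
SAMPLE_REQUESTS = [
    "GET /item.php?x=1 HTTP/1.1",
    "GET /item.php?x=1' UNION SELECT HTTP/1.1",
    "GET /item.php?y=abc&x=1%27+uNiOn%20SeLeCt+1 HTTP/1.1",
    "GET /search?q=student+union+select+committee&x=7 HTTP/1.1",
    "GET /item.php?y=1%27+UNION+SELECT+1 HTTP/1.1",
]

# Assumed signature: a quote, then UNION [ALL] SELECT, any case or spacing.
UNION_SELECT = re.compile(r"""['"]\s*union\s+(?:all\s+)?select\b""", re.IGNORECASE)


def request_uri(request_line):
    """Return the URI from 'METHOD URI HTTP/x.y', tolerating raw spaces in it."""
    _, _, rest = request_line.partition(" ")
    uri, _, version = rest.rpartition(" ")
    return uri if version.startswith("HTTP/") else rest


def flag_param(request_line, param="x"):
    """Return the decoded values of `param` that match UNION_SELECT."""
    query = urlsplit(request_uri(request_line)).query
    # parse_qsl splits on '&' and decodes %XX and '+', so the regex sees the
    # same text the application would receive.
    return [value for name, value in parse_qsl(query, keep_blank_values=True)
            if name == param and UNION_SELECT.search(value)]


def scan(request_lines, param="x"):
    """Return (line_index, decoded_value) for every flagged request."""
    return [(i, value) for i, line in enumerate(request_lines)
            for value in flag_param(line, param)]


if __name__ == "__main__":
    for index, value in scan(SAMPLE_REQUESTS):
        print(f"line {index}: x={value!r}")
```

Scoping the match to the decoded value of one parameter keeps the benign "union select" text in `q` and the payload in `y` from firing a rule written for `x`.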