jsql-injection icon indicating copy to clipboard operation
jsql-injection copied to clipboard
verified publisher icon ron190

Report (Base64 param)

Open jsql-robot opened this issue 8 years ago • 3 comments

I try test injection for Post Method base login form of project demo at link http://sechow.com/bricks/docs/installation.html

But this tool cannot work?

jsql-robot avatar Feb 08 '18 08:02 jsql-robot

Usually login pages are not meant to extract data by injection but only to be forced by always true SQL conditions like 'or 1=1'.

Instead you should use jSQL on 'Content pages', those pages are made for data extraction using injection.

ron190 avatar Feb 08 '18 21:02 ron190

I guess jsql lacks boolean OR injection for login pages, I'll implement it for the next release.

ron190 avatar Feb 10 '18 15:02 ron190

Injection using OR now works with all five 'Content pages' forms. The last one uses Base64, it still needs tests from my side.

ron190 avatar Jan 08 '20 20:01 ron190