In my college, a security challenge event is going on for one whole month, Participants are expected to 'hack' into a website. The site has a login form, which accepts username and password and POSTs the data to 'connect.php. We don't have the source code available. How can I proceed to audit for SQL Injection vulnerabilities? What should my starting point be? I can use sqlmap, but I couldn't make it work with the web form POST-ing form details.
Aucun commentaire:
Enregistrer un commentaire