
Parameter

ron190 edited this page Jan 28, 2025 · 1 revision

Several URL components can be exposed to injection vulnerabilities, though an input parameter such as the query string is a common 🎯 target.

Depending on your security knowledge, any target parameter can be identified easily by hand; however, 💉jSQL can also find the vulnerability automatically.

Path

http://localhost:8080/path/🎯/suffix

Query

http://localhost:8080/path/endpoint?target=🎯&param=value

Request

POST http://localhost:8080/path/endpoint
body> target=🎯&param=value

Header

http://localhost:8080/path/endpoint
headers> Target: 🎯
Param: value

Cookie

http://localhost:8080/path/endpoint
headers> Cookie: target=🎯; param=value

JSON

http://localhost:8080/path/endpoint
body> {
  "target": "🎯",
  "param": "value"
}

SOAP

http://localhost:8080/path/endpoint
body> <soapenv:Envelope>
  <soapenv:Header/>
  <soapenv:Body>
    <gs:method>
      <gs:target>🎯</gs:target>
      <gs:param>value</gs:param>
    </gs:method>
  </soapenv:Body>
</soapenv:Envelope>
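
As an added example (not part of the jSQL wiki or the jSQL code base), the Python function below inventories the client-controlled values in each of the locations listed above, so a reviewer can check that every one of them reaches SQL only as a bound parameter. The name `input_locations`, the result keys and the sample values are assumptions made for illustration.

```python
import json
import xml.etree.ElementTree as ET
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qsl

def _flatten(node, prefix=""):
    """Flatten nested JSON into dotted-path -> leaf value."""
    if isinstance(node, dict):
        items = node.items()
    elif isinstance(node, list):
        items = enumerate(node)
    else:
        return {prefix: node}
    out = {}
    for key, value in items:
        out.update(_flatten(value, f"{prefix}.{key}" if prefix else str(key)))
    return out

def input_locations(url, headers=None, body=""):
    """Map each location from this page to the client-controlled values in it."""
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    parts = urlsplit(url)
    jar = SimpleCookie(headers.get("cookie", ""))
    found = {
        "path": [seg for seg in parts.path.split("/") if seg],
        "query": dict(parse_qsl(parts.query, keep_blank_values=True)),
        "header": {k: v for k, v in headers.items() if k != "cookie"},
        "cookie": {k: morsel.value for k, morsel in jar.items()},
        "request": {}, "json": {}, "soap": {},
    }
    ctype = headers.get("content-type", "")
    if "json" in ctype:
        found["json"] = _flatten(json.loads(body))
    elif "xml" in ctype:
        # Leaf element text is the input; "{ns}tag" is reduced to "tag".
        # Constructed sample only: parse untrusted XML with defusedxml.
        found["soap"] = {el.tag.split("}")[-1]: el.text
                         for el in ET.fromstring(body).iter()
                         if len(el) == 0 and el.text}
    elif body:
        found["request"] = dict(parse_qsl(body, keep_blank_values=True))
    return found

# Constructed sample request (values are placeholders, not from the page).
SAMPLE = input_locations(
    "http://localhost:8080/path/endpoint?target=q1&param=value",
    headers={"Target": "h1", "Cookie": "target=c1; param=value",
             "Content-Type": "application/json"},
    body='{"target": "j1", "nested": {"param": ["value"]}}',
)
```

Header names are lower-cased in the result, and nested JSON values are reported under dotted paths such as `nested.param.0`.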
